Guides
...
CRM, ERP & Tax Integrations
CRM - Salesforce

Enabling webhooks

11min

Background

Our Salesforce managed app provides webhooks to enable realtime integration from Amberflo. This is an inbound realtime feed from Amberflo into Saleforce.

Note that updates in Salesforce are automatically fed to Amberflo and requires no additional configuration or setup.

There are two steps involved here:

  1. Enable inbound webhook endpoint in Salesforce to receive realtime updates from Amberflo
  2. Enable outbound wehooks in Amberflo to send updates to Salesforce

See a list of Amberflo webhooks here.

Step 1: Enable inbound Salesforce webhook endpoint to receive updates from Amberflo

  1. Prerequisites

The API Key should be configured. See Installing Amberflo.io Salesforce Managed App.

2. In Setup, type "Sites":



Document image


3. Register a domain if you do not already have one.

For instructions, read here.

4. Best practice: Create a website for each external package. So in this case, Amberflo.io should have its own website. Click New.

Document image


5. Complete the new site form as follows:



Document image


For the Active Site Home Page field, click on the lookup icon, and then search for "InMaintenance". Click on the Name link.

Document image


6. The created webhook site. Now Activate the site clicking on the link.

Document image


7. The activated webhook site.

Document image


8. Now we need to allow the site permission and access to the Amberflo webhook class. Click on the Site label Amberflo.io

Document image


9. Click on Public Access Settings, then click on Edit for "Enabled Apex Class Access".

Document image


10. Select AFLO.WebhookRestService and Add to Enabled Apex class, then click Save.



Testing the Salesforce webhook

The webhook endpoint is: {{Site URL}}/services/apexrest/AFLO/webhook

Document image


So in the above example, the endpoint URL would be:

Ping the endpoint:

Curl


Response:

Text


Test customer creation:

Curl


Response:

Text


If the webhook returns the following error, follow the steps 7 and 8 in the Instructions to grant permission.

JSON


The status of a webhook call can be viewed in the Amberflo Async Events tab.

Document image


Step 2: Enable webhooks in Amberflo to send updates to Salesforce

Once the inbound Salesforce webhook endpoint to receive updates is enabled, configure outbound Amberflo webhooks to call this Salesforce endpoint.

Outbound webhooks are configured by calling the the webhooks API See API Reference . This will enable realtime updates from Amberflo to Salesforce.

The following is a sample API call that configures an outbound Amberflo webhook to send customer updates to Salesforce. See a list of Amberflo webhooks here, so you can turn on the webhooks of your choice.

Curl


For each of the webhooks, you'll have to set the "topic": "INSERT WEBHOOK HERE".

You can obtain a list of all your Amberflo webhooks here:

Curl


Addressing webhook security concerns

  1. A web hook request comes to the Amberflo remote site endpoint.
  2. The request is verified by the rest service AFLO.WebhookRestService by looking to see if the given token is valid.
  3. If the token is invalid, the entire request is rejected.
  4. The token in Salesforce is stored in a custom setting (which only Admins have access to by default).
  5. AFLO.WebhookRestService class then processes the request - per our specific design - and does nothing else. It cannot do anything else.
  6. We do not have to allow any access to the instance though the Guest Site, except through the REST endpoint we created. Essentially there are NO guest users BUT the Salesforce web hook endpoint itself. This is recommended by Salesforce itself.

Additional resources from Salesforce:

Link 1 Link 2