Salesforce destination

The Salesforce destination connector enables data activation by syncing data from your data warehouse to Salesforce objects. This connector is designed for operational workflows where you need to deliver modeled data directly to your CRM for sales, marketing, and customer success teams.

The connector uses the Salesforce Bulk API v62.0 for efficient data loading and supports OAuth 2.0 authentication with comprehensive error handling through rejected records functionality.

Key features

• Data Activation Support: Sync enriched customer data, lead scores, and product usage metrics from your warehouse to Salesforce
• Bulk API Integration: Uses Salesforce Bulk API v62.0 for high-performance data loading with 100MB batch processing
• Rejected Records: Failed records are automatically captured and stored in S3 for analysis and reprocessing
• OAuth 2.0 Authentication: Secure authentication with support for both sandbox and production environments
• CSV Format Processing: Data is processed in CSV format for optimal compatibility with Salesforce Bulk API

Prerequisites

• A Salesforce account with one of the following subscriptions:
  • Enterprise Edition
  • Professional Edition with API access purchased as an add-on
• Airbyte version 1.8 or later, or Airbyte Cloud
• A Salesforce developer application with OAuth 2.0 credentials (Client ID and Client Secret)
• Recommended: a dedicated Salesforce user with appropriate object permissions

S3 prerequisites for rejected records

If you're using an S3 bucket to store rejected records, you also need the following.

1. Allow connections from Airbyte to your AWS S3/Minio S3 cluster (if they exist in separate VPCs).

2. Enforce encryption of data in transit.

3. An S3 bucket with credentials, a Role ARN, or an instance profile with read/write permissions configured for the host (EC2, EKS).

   • These fields are always required:

     • S3 Bucket Name
     • S3 Bucket Region
     • Prefix Path in the Bucket

   • If you are using STS Assume Role, you must provide:

     • Role ARN

   • If you are using AWS credentials, you must provide:

     • Access Key ID
     • Secret Access Key

   • If you are using an Instance Profile, you may omit the Access Key ID, Secret Access Key, and Role ARN.

Setup guide

Step 1: Create a Salesforce connected app

Before setting up the Airbyte connector, you need to create a Connected App in Salesforce to obtain OAuth 2.0 credentials.

1. Log in to your Salesforce org as an administrator
2. Navigate to Setup > App Manager
3. Click New Connected App
4. Fill in the basic information:
   • Connected App Name: "Airbyte Data Sync" (or your preferred name)
   • API Name: Auto-populates
   • Contact Email: Your email address
5. Enable OAuth Settings:
   • Check Enable OAuth Settings
   • Callback URL: https://cloud.airbyte.com/auth/callback (for Airbyte Cloud) or https://your-airbyte-domain.com/auth/callback (for self-managed Airbyte)
   • Selected OAuth Scopes: Add "Full access (full)" and "Perform requests on your behalf at any time (refresh_token, offline_access)"
6. Click Save and then Continue
7. Note the Consumer Key (Client ID) and Consumer Secret (Client Secret) for later use

Step 2: Create a dedicated Salesforce user (optional but recommended)

Follow the instructions below to create a profile and assign custom permission sets to grant the new user the write access needed for data you want to access with Airbyte.

Log in to Salesforce with an admin account.

1. Create a new User

• On the top right of the screen, click the gear icon and then click Setup.
• In the left navigation bar, under Administration, click Users > Users. Create a new User, entering details for the user's first name, last name, alias, and email. Filling in the email field auto-populates the username field and nickname. - Leave role unspecified - Select Salesforce Platform for the User License - Select Standard Platform User for Profile. - Decide whether to generate a new password and notify the user. - Select save

2. Create a new permission set

• Using the left navigation bar, select Users > Permission Sets
• Click New to create a new Permission Set.
• Give your permission set a descriptive label name (e.g., "Airbyte Data Activation"). The API name will autopopulate based on the label you give the permission set.
• For licence, leave this set to –None— and click save.
• Now that you see the permission set is created, define the permissions via Object Settings.
  • Click "Object Settings."
  • Select the Object Name for each object you want the user to have write access to (e.g., Accounts, Contacts, Opportunities).
  • Select "Edit" and check all the object permissions under "Object Permissions"
  • Click Save
  • Continue to add permissions for any objects you want Airbyte to have access to.

3. Assign the permission set to the new user

• From the Permission Sets page, click "Manage Assignments" next to the read-only permission set you just created.
• Click "Add Assignments."
• Find and select the user you created in Step 1.
• Click Assign

Log into the email you used in the preceding steps and verify your new Salesforce account user. You'll need to set a password as part of this process. Keep this password accessible.

:::info Profile vs. Permission Set: remember that the user's profile provides their baseline permissions. The permission set adds or restricts permissions on top of that. Object-Level vs. Field-Level Security: this guide focuses on object-level read-only access. While setting up your permission set, you can stick with object-level security or define more granular controls by scrolling down within each object settings page to select read access for only needed fields. :::

Step 3: Set up the Salesforce connector in Airbyte

For Airbyte Cloud

1. Log into your Airbyte Cloud account
2. Click Destinations and then click + New destination
3. Select Salesforce from the destination type dropdown
4. Enter a name for the Salesforce connector
5. Configure authentication:
   • Is Sandbox: First, toggle this setting based on your Salesforce environment (sandbox or production). Note: Changing this setting requires redoing authentication.
   • Client ID: Enter the Consumer Key from your Connected App
   • Client Secret: Enter the Consumer Secret from your Connected App
   • Refresh Token: Click Authenticate your account to generate this automatically
6. Click Set up destination and wait for the connection test to complete

For Self-Managed Airbyte

1. Navigate to your Airbyte instance (for example, http://localhost:8000)
2. Click Destinations and then click + New destination
3. Select Salesforce from the destination type dropdown
4. Enter a name for the Salesforce connector
5. Configure authentication:
   • Is Sandbox: First, set to true if connecting to a Salesforce sandbox, false for production. Note: Changing this setting requires redoing authentication.
   • Client ID: Enter the Consumer Key from your Connected App
   • Client Secret: Enter the Consumer Secret from your Connected App
   • Refresh Token: You'll need to obtain this through the OAuth flow using your callback URL
6. Click Set up destination and wait for the connection test to complete

Configuration

The connector uses OAuth 2.0 authentication with your Salesforce Connected App credentials. Make sure to set the Is Sandbox option correctly before authenticating, as this determines which Salesforce environment you connect to.

Supported sync modes

Limitations and considerations

• API Limits: respect Salesforce API limits based on your edition and purchased API calls
• Field Mapping: ensure source data types are compatible with target Salesforce field types
• Object Permissions: the authenticated user must have appropriate permissions on target objects
• Bulk API Quotas: monitor your Bulk API usage as it counts against your daily limits

Error handling

• Failed records are automatically captured for troubleshooting
• Monitor sync status through the Airbyte UI for detailed error information

Troubleshooting

Authentication issues

• Invalid Client Credentials: Verify your Connected App's Consumer Key and Consumer Secret
• Refresh Token Expired: Re-authenticate through the Airbyte UI to generate a new refresh token
• Sandbox vs Production: Ensure the "Is Sandbox" setting matches your Salesforce environment. Changing this setting requires redoing authentication.

Permission issues

• Insufficient Object Permissions: Verify the authenticated user has Create/Edit permissions on target objects
• Field-Level Security: Check that required fields are accessible to the user
• API Access: Confirm your Salesforce edition includes API access

Data issues

• Field Type Mismatches: Ensure source data types are compatible with Salesforce field types
• Required Field Validation: Check that all required Salesforce fields are populated

Monitoring

• Review sync logs in the Airbyte UI for detailed error messages
• Monitor Salesforce Setup > System Overview for API usage and limits

Reference

For programmatic configuration, use these parameter names:

{
  "client_id": "your_consumer_key",
  "client_secret": "your_consumer_secret", 
  "refresh_token": "your_refresh_token",
  "is_sandbox": false,
  "object_storage_config": {
    "storage_type": "S3",
    "access_key_id": "your_access_key_id",
    "secret_access_key": "your_secret_access_key",
    "s3_bucket_name": "your_bucket_name",
    "s3_bucket_region": "us-east-1",
    "bucket_path": "rejected_records/"
  }
}

Related documentation

• Data Activation Overview
• Salesforce Bulk API Documentation
• Salesforce Connected Apps
• Rejected Records

Changelog

The connector is still incubating, this section only exists to satisfy Airbyte's QA checks.

• 0.0.6