Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

Salesforce

The Salesforce integration utilizes The Cyera AppExchange App and this documentation describes the technical capabilities of this integration, including authorization, scopes/permissions, and utilized endpoints. For more information on how to integrate Salesforce, visit our connection instructions.

Version

This integration utilizes the Salesforce REST API v62.0.

Base URL

The base URL used for all Salesforce API endpoints contains the Salesforce data center:
https://data_center.salesforce.com

Authentication & Authorization

The Cyera Salesforce integration connects using OAuth 2.0.

User Roles

By default, Cyera requires a Salesforce user with admin credentials to install the app. Non-administrator users must have the following permissions in their profile:

  • API Enabled
  • Customize Application
  • Manage Package Licenses
  • View All Data
Field Level Permissions

Salesforce allows setting permissions at field level for both visibility and accessibility. Fields without read permissions will not be included in the queries from Cyera.

Scopes

The Salesforce integration requires specific scopes that must be granted in order to function for a given capability.

ScopeBaseAccessDeletion
api (read)
api (write)
refresh_token
Base Scopes
All base scopes must be granted in order to connect the integration with Cyera. The remaining scopes are only required if enabling those capabilities

Limits

Limits in Salesforce are calculated using the leaky bucket algorithm. All requests that are made after rate limits have been exceeded are throttled and an HTTP 429 Too Many Requests error is returned. Requests succeed again after enough requests have emptied out of the bucket.

  • Cyera supports requests throttling to stay within 70-80% of specified service rate limits.
  • Cyera processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).

Capabilities

Access

Cyera's Salesforce integration provides Synchronous Access capabilities for the following supported identifier category: Email.

Data Interactions

For Access requests, Cyera will take the following actions:

  1. Extract the following default objects from Salesforce.
  2. Custom fields unique to the organization may also be returned as part of the default objects or other custom objects, if they may potentially include PII.
  3. Other custom objects may also be returned if they are linked to Contact, Lead, or User objects.
Case
  • attributes_type
  • attributes_url
  • AccountName
  • CaseNumber
  • ContactEmail
  • ContactFax
  • ContactId
  • ContactMobile
  • ContactPhone
  • CreatedById
  • CreatedDate
  • Description
  • IsClosed
  • IsDeleted
  • IsEscalated
  • Id
  • LastModifiedDate
  • LastReferencedDate
  • LastViewedDate
  • Origin
  • Priority
  • Reason
  • Status
  • Subject
  • SuppliedName
  • SuppliedEmail
  • SuppliedPhone
  • SuppliedCompany
  • Type
Contact
  • attributes_type
  • attributes_url
  • AccountName
  • Birthdate
  • CleanStatus
  • CreatedById
  • CreatedDate
  • Department
  • Description
  • Email
  • Fax
  • FirstName
  • HomePhone
  • Id
  • IsDeleted
  • IsEmailBounced
  • Languages__c
  • LastActivityDate
  • LastModifiedDate
  • LastName
  • LastReferencedDate
  • LastViewedDate
  • MailingAddress
  • MailingCountry
  • MailingPostalCode
  • MobilePhone
  • Name
  • OtherAddress
  • OtherCountry
  • OtherPostalCode
  • Other Phone
  • OwnerId
  • Phone
  • Title
  • Salutation
Lead
  • attributes_type
  • attributes_url
  • Address
  • AnnualRevenue
  • CleanStatus
  • Company
  • CreatedById
  • CreatedDate
  • Description
  • Email
  • Fax
  • FirstName
  • Id
  • Industry
  • IsConverted
  • IsDeleted
  • LastActivityDate
  • LastModifiedDate
  • LastName
  • LastReferencedDate
  • LastViewedDate
  • MobilePhone
  • Name
  • OwnerId
  • Phone
  • Status
  • Title
  • Website
Opportunity
  • attributes_type
  • attributes_url
  • AccountName
  • ClosedDate
  • CreatedById
  • CreatedDate
  • CurrentGenerators
  • Description
  • Fiscal
  • FiscalQuarter
  • FiscalYear
  • ForecastCategory
  • HasOpportunity
  • HasOverdueTask
  • Id
  • IsDeleted
  • IsClosed
  • IsPrivate
  • IsWon
  • LastModifiedDate
  • LastReferencedDate
  • LastViewedDate
  • LeadSource
  • Name
  • Probability
  • StageName
  • Type
Task
  • attributes_type
  • attributes_url
  • ActivityDate
  • CreatedById
  • CreatedDate
  • Description
  • IsArchived
  • IsClosed
  • IsHighPriority
  • IsRecurrence
  • LastModifiedDate
  • Priority
  • RecordTypeId
  • Status
  • Subject
  • TaskSubtype
User
  • attributes_type
  • attributes_url
  • Address
  • Alias
  • CommunityNickname
  • CreatedById
  • CreatedDate
  • Description
  • Email
  • EmailPreferences
  • Fax
  • FirstName
  • Id
  • IsActive
  • IsDeleted
  • LanguageLocale
  • LastLoginDate
  • LastModifiedDate
  • LastName
  • LastReferencedDate
  • LastViewedDate
  • MobilePhone
  • Name
  • Phone
  • PhotoUrl
  • ProfileId
  • TimeZone
  • Title
  • Username
  • UserPermissions
  • UserRole
  • UserType

Endpoints Utilized

MethodEndpointPurposeDocs
GET/services/data/v38.0/queryQuery objects for data subject PII
GET/services/data/v38.0/sobjectsExtract PII fields from relevant objects

Deletion

Cyera's Salesforce integration provides Synchronous Deletion capabilities for the following supported identifier category: Email.

Data Interactions

For Deletion requests, Cyera will take the following actions:

  1. Search for Contacts and Leads containing the data subject email. Deletion of Users is not currently supported.
  2. Surface Cases, Opportunities, Tasks, and other custom objects related to the primary records.
  3. Delete all selected objects.
Anonymization

Anonymization is an alternative option to record Deletion, which scrubs selected PII fields on an object with anonymized replacements (e.g., <privacy-request-uuid>@privacy.cyera.io) so the record stays for reporting and can be traced back to the Cyera request.

  1. Notify your Customer Success Engineer that you'd like to utilize Anonymization.
  2. Connect Salesforce following the Connection Instructions.
  3. Cyera will scan available Salesforce objects and fields and provide a list of those likely to contain PII.
  4. Your Customer Success Engineer will review the results with you to finalize the field list for anonymization. We recommend reviewing the field list with your legal counsel and Salesforce admin to ensure the configuration is exhaustive.
  5. Share finalized field list with Cyera to complete the configuration.

Endpoints Utilized

MethodEndpointPurposeDocs
GET/services/data/v38.0/queryQuery objects for data subject PII
GET/services/data/v38.0/sobjectsExtract PII fields from relevant objects
PATCH/services/data/v38.0/sobjects2Anonymize PII fields
DEL/services/data/v38.0/sobjects3Delete objects containing PII

 

Need help?
If you have any questions, please reach out to your dedicated Customer Success Engineer or contact us at support@cyera.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.