Skip to main content

Salesforce Events

Salesforce event integrations subscribe to Change Data Capture (CDC) channels and trigger handler functions as records are created, updated, deleted, or restored in your Salesforce organization. Use them for real-time CRM synchronization, audit logging, and event-driven workflows that react to Salesforce record changes without polling.

Creating a Salesforce events service

  1. Click + Add Artifact in the canvas or click + next to Entry Points in the sidebar.

  2. In the Artifacts panel, select Salesforce under Event Integration.

  3. In the creation form, fill in the following fields:

    Salesforce Events creation form

    FieldDescription
    AuthCredentials for connecting to Salesforce. Accepts a record expression with username and password fields. Required. By default, the listener uses SOAP-based authentication. You can change the auth type after creation under Listener Configuration.

    Expand Advanced Configurations to set the listener name.

    FieldDescriptionDefault
    Listener NameIdentifier for the listener created with this service.salesforceListener

  4. Click Create.

  5. WSO2 Integrator opens the service in the Service Designer. The canvas shows the attached listener pill and the Event Handlers section with all four handlers pre-added.

    Service Designer showing the Salesforce Events service canvas

    The four event handlers - onCreate, onUpdate, onDelete, and onRestore - are added automatically when the service is created. Click any handler to open it in the flow diagram view and implement the logic.

Listener configuration

In the Configure panel, set Auth to a record expression with relevant fields with optional values to set any of the values below. Click Save Changes to apply.

Salesforce Configiration

The listener supports two authentication modes: SOAP-based (username and password) and REST-based (OAuth 2.0). The same fields apply whether you configure the listener through the visual designer or directly in Ballerina code.

SOAP-based authentication

salesforce:SoapBasedListenerConfig fields:

FieldTypeDefaultDescription
authCredentialsConfigRequiredAuthentication credentials. Contains username (Salesforce username / email) and password. The password value must be the user password concatenated with the user's security token (<password><securityToken>, no separator).
isSandBoxbooleanfalseSet to true if connecting to a Salesforce sandbox environment.

REST-based authentication

salesforce:RestBasedListenerConfig fields:

FieldTypeDefaultDescription
baseUrlstringRequiredSalesforce instance URL.
authOAuth2ConfigRequiredOAuth 2.0 configuration. Pick one of BearerTokenConfig, OAuth2PasswordGrantConfig, OAuth2RefreshTokenGrantConfig, or OAuth2ClientCredentialsGrantConfig - see OAuth 2.0 auth variants below.
tokenStoreTokenStoreInMemoryTokenStoreToken store for coordinating refresh token rotation (RTR) across replicas. The default InMemoryTokenStore handles RTR automatically for single-replica deployments. For multi-replica deployments (e.g., multiple Kubernetes pods), provide a distributed implementation (e.g., Redis-backed) to prevent token replay conflicts.
note

Token Store and Refresh Token Rotation(RTR) only apply when using OAuth2RefreshTokenGrantConfig. RTR must also be enabled on the Salesforce side, in your Connected App settings, enable Refresh Token Rotation under OAuth policies. The other grant types bypass the TokenManager entirely.

Common optional fields

These fields apply to both SOAP and REST-based listener configurations:

FieldTypeDescription
replayFromint | ReplayOptionsReplay option: REPLAY_FROM_TIP, REPLAY_FROM_EARLIEST, or a specific replay ID.
connectionTimeoutdecimalConnection timeout in seconds.
readTimeoutdecimalRead timeout in seconds.
keepAliveIntervaldecimalKeep-alive interval in seconds.
apiVersionstringSalesforce Streaming API version.
sessionTimeoutintSession timeout in seconds.
proxyConfigProxyConfigOptional HTTP proxy configuration.

OAuth 2.0 auth variants

The Record Configuration panel's auth drop-down (and the corresponding Ballerina record types) exposes four grant configurations. Pick the one that matches how your Connected App is set up.

Config typeRequired fieldsUse when
BearerTokenConfigtokenYou already have a short-lived access token and refresh it out-of-band.
OAuth2PasswordGrantConfigtokenUrl, username, passwordYou authenticate as a Salesforce user with username + password (the password value must be <password><securityToken>, as for SOAP).
OAuth2RefreshTokenGrantConfigrefreshUrl, refreshToken, clientId, clientSecretYou have a long-lived refresh token from a Connected App authorization-code flow. Recommended for production.
OAuth2ClientCredentialsGrantConfigtokenUrl, clientId, clientSecretThe Connected App authenticates as itself (machine-to-machine), without a user context.

All three grant configs additionally accept these optional fields: scopes, defaultTokenExpTime, clockSkew, optionalParams, credentialBearer, clientConfig. OAuth2PasswordGrantConfig also accepts clientId, clientSecret, and refreshConfig as optional.

Event handlers

When a Salesforce Events service is created, WSO2 Integrator adds all four handlers automatically. Click any handler in the Service Designer to open the flow diagram view and implement the processing logic.

Handler types

HandlerTriggered whenUse when
onCreateA record is created in SalesforceSyncing new records to downstream systems
onUpdateA record is updated in SalesforcePropagating field changes or triggering workflows
onDeleteA record is deleted in SalesforceCleaning up related data or auditing deletions
onRestoreA deleted record is restored (undeleted)Recovering soft-deleted records in downstream systems
note

You do not need to implement logic in all four handlers. Leave empty any handlers that are not relevant to your use case.

Event data type

Each handler receives a salesforce:EventData parameter with the change payload and metadata.

salesforce:EventData fields:

FieldTypeDescription
changedDatamap<json>Map of changed field names to their new values.
metadatasalesforce:ChangeEventMetadata?Metadata about the change event.

salesforce:ChangeEventMetadata fields:

FieldTypeDescription
entityNamestring?API name of the sObject that changed (e.g., "Account").
changeTypestring?Type of change: CREATE, UPDATE, DELETE, or UNDELETE.
changeOriginstring?Source of the change (e.g., "com/salesforce/api/rest/57.0").
transactionKeystring?Unique key identifying the transaction.
sequenceNumberint?Sequence number of the event within the transaction.
commitTimestampint?Unix timestamp in milliseconds when the change was committed.
commitNumberint?Transaction commit number.
commitUserstring?ID of the user who initiated the change.
recordIdstring?The record ID affected by the change.

Supported event channels

The CDC channel the service subscribes to is determined by the service path in Ballerina code.

Channel typeChannel patternUse case
Object-specific CDC/data/<ObjectName>ChangeEventReact to changes on a specific sObject (e.g., /data/AccountChangeEvent)
All CDC events/data/ChangeEventsCapture change events across all CDC-enabled objects

What's next