Genesys Cloud - Developer Community!

Customer without Sales force Cloud license has to be connected to SF for Customer authentication/profiling. We proposed to connect it by Genesys Data Action integration available. This integration connects to SF by User with Token. According to customer this type of connection is obsolete by Sales force and External Client App is a way of connection that should be used.  What is our options to connect Data Action to Sales  by  External Client App? It can be configured or developed without purchasing Genesys Sales Force Voice cloud license?

Hi Boris,

I haven't implemented this specifically with Salesforce, but we've used a similar approach with other CRM integrations using a JWT-based OAuth pattern.

In our case, we used a middleware layer (Genesys Functions) to:

• Handle authentication (JWT token generation/exchange)
• Call the CRM APIs
• Return the required data back to Genesys via a Data Action

From a Genesys perspective, the Data Action simply calls the middleware endpoint, which abstracts the authentication complexity.

This pattern should align well with Salesforce's Connected App / External Client App approach, where JWT or client credentials flows are typically used instead of username + token authentication.

Also, since this is API-based integration, it should not require the Salesforce Voice / CX Cloud license is my understanding.

Hope this helps.

Hi Boris,

Yes, you can integrate Genesys Cloud Data Actions with Salesforce without purchasing the Salesforce Voice / CX Cloud license, because this is purely an API-level integration.

However, your customer is also correct regarding authentication best practices.

About username + token authentication

The traditional:

• username
• password
• security token

pattern is still technically supported by Salesforce in some scenarios, but many customers now consider it legacy/less secure compared to OAuth-based Connected Apps / External Client Apps.

Recommended approach

The best production architecture is usually:

Genesys Cloud Data Action
→ Middleware/API Layer
→ Salesforce Connected App / External Client App
→ Salesforce APIs

Why middleware is recommended

Genesys Data Actions have limitations when handling:

• complex OAuth flows
• JWT assertion generation
• token lifecycle management
• certificate-based auth

A middleware layer gives you:

• centralized authentication handling
• token caching/refresh
• better observability
• retry/error handling
• security isolation

Common implementation patterns

Most common approaches are:

• AWS Lambda + API Gateway
• Genesys Functions
• Node.js middleware
• Azure Functions

Recommended auth flow

For Salesforce External Client App / Connected App, the most common enterprise pattern is:

• OAuth 2.0 JWT Bearer Flow
  or
• Client Credentials Flow (if enabled/supported by org policies)

This avoids storing user passwords/tokens in Genesys integrations.

Important point

You do not need:

• Salesforce Service Cloud Voice
• CX Cloud package
• native Salesforce integration license

unless you specifically want:

• embedded softphone
• Omni integration
• SCV capabilities
• unified agent experience

For customer authentication/profile lookup, standard API integration is enough.

My recommendation

For production:

• avoid direct username/token auth from Data Actions
• use middleware + OAuth/JWT with Connected App
• keep Genesys responsible only for orchestration

This architecture is much more scalable, secure, and aligned with modern Salesforce security practices.

Hello Boris,

Considering the scalability aspect, We have implemented the integration between Genesys and Salesforce via a Middleware Application using Webservices Integrations.

Salesforce integration for Data Actions can simply use the standard Web Services Data Actions integration instead of the "legacy" Salesforce one. You can then just set OAUTH 2 as the credential type and label it as "Salesforce via OAUTH" or similar.

Genesys can't necessarily update the existing Integration without breaking a number of customers that use that model.

the username/password auth flow had been supported by Salesforce for quite some time.  It wasn't until recently that Salesforce announced they stopped supporting it (even if it was not their recommended practice), and that end of support is targeted for the upcoming Winter release.  In response to this announce are finalizing development on support for Client Credential Grant access to Salesforce, which is enabled via External Connected Apps on the Salesforce platform.  Release of Client Credential grant support with Salesforce Data Actions will be coming in the next couple of weeks, along with documentation on how to migrate from Username/Password to Client Credential grant for existing customers (tl;dr, you just update the credentials on the integration; no need to make changes to the data actions themselves.)  We do highly recommend testing the new credentials in a different integration prior to implementing on an integration that serves data actions that are used in production.

Hi @Richard Schott,
is this update related to this idea? https://genesyscloud.ideas.aha.io/ideas/OP-I-1127

Yes.