Data actions are all REST API calls (well, specifically HTTP calls that support JSON and use the verbs GET, PUT, POST, and PATCH, which could also technically describe GRAPH API calls as well).
The Security token is used as part of the initial authentication call into SFDC. It is stored with the other credential secrets in a credential service, which is a purpose built store for customer supplied secrets used to access external systems. I can't get into too many details with regards to how it functions on this forum, but it is built with security in mind. Credentials are never logged.
Data Action calls (for all systems, not just salesforce) will use a cached authorization token to attempt to make the initial request. If we receive an "unauthenticated" response, we will rerun the authorization request to receive a new authorization token, then retry the initial API call. When the response is received, it is process internally (using the data action configuration), and the formatted response (conforming to the defined output contract) is returned to the calling service.
For more details than that, you will need to engage in a conversation with the Genesys Cloud security team, as a fair amount of that information is covered under non-disclosure agreements that will need to be in place prior to those conversations.
------------------------------
Richard Schott
Genesys - Employees
------------------------------
Original Message:
Sent: 08-26-2020 09:18
From: Anurag Gusain
Subject: Salesforce Data Action
Thanks Richard for your response !
Below is what i am looking for as a request by our client security team -
1. What is the type of the web service call in getting the token generated by using Salesforce Data Action (Is it SOAP or REST) ?
2. How we use the security token when accessing Salesforce Data Action ?
3. Does it uses the same way we access Web Service via Postman ?
4. Do we store these credentials anywhere in Genesys Server logs ?
5. Can you please let us know Step by step approach Genesys uses to Authenticate, Send request and getting response back from Salesforce using Salesforce Data Action.
We need your help to prove security team that the Data Action call is Secure and no where it can be compromised by the hackers !
------------------------------
Anurag Gusain
Cognizant Technology Solutions India
Original Message:
Sent: 08-11-2020 09:03
From: Richard Schott
Subject: Salesforce Data Action
The Salesforce data action integration uses the Username-Password oauth flow to generate an authorization token that is used on the actual API calls. You do not have control over the configuration of that authorization call, as it is handled in the background by the PureCloud service.
------------------------------
Richard Schott
Genesys - Employees
Original Message:
Sent: 08-10-2020 21:36
From: Anurag Gusain
Subject: Salesforce Data Action
We are using Salesforce Data Action to integrate with Salesforce where in integration section we have configured salesforce provided client token, user name & password.We are using Salesforce Data Action to integrate with Salesforce where in integration section we have configured salesforce provided client token, user name & password.
Just want to check when we use this integration into the Action what URL is going to be formed at the backend.
Does it going to contain User Name, Password & token in the Request URL like below or not ?
POST /services/token?grant_type=password&client_id= REDACTED&client_secret= REDACTED &username= REDACTED &password= REDACTED HTTP/1.1
#Integrations
------------------------------
Anurag Gusain
------------------------------