CloudFiles Settings

overview this article walks you through all the settings available in the cloudfiles salesforce settings page this page consistes of several account level settings as well as the api keys account settings the account settings page contains all configuration options related to your salesforce connection these settings determine how cloudfiles authenticates, how events are delivered to salesforce, and how long event history is retained authentication methods cloudfiles offers two authentication options for connecting with salesforce oauth 2 0 (user authentication) client credentials flow (server to server authentication) 1\ oauth 2 0 (user authentication) oauth 2 0 is the most common and easiest method to connect cloudfiles to your salesforce org you simply log in using your salesforce username and password and grant permission for cloudfiles to access the org once connected, cloudfiles uses that user’s access to perform actions like creating records or reading data this method works using salesforce’s built in app framework— connected apps or external client apps , depending on your salesforce edition connected app vs external client app (what’s the difference?) salesforce historically used connected apps to manage oauth access for external services when you installed cloudfiles, a managed connected app was included in the package so cloudfiles could authenticate through it salesforce later introduced external client apps as the modern version of connected apps for managed packages functionally, they do the same thing—they allow external applications like cloudfiles to connect and request access tokens—but external client apps offer better long term security management clearer controls for integration policies a simplified interface for enabling flows like client credentials 2\ client credentials flow (recommended for production) the client credentials flow creates a server to server connection between cloudfiles and salesforce instead of relying on a human to log in, cloudfiles uses a salesforce issued client id and client secret to authenticate automatically in salesforce setup, an admin enables client credentials inside the cloudfiles external client app and selects a run as integration user cloudfiles then performs all salesforce operations under that integration user’s permissions no user login or refresh token is required the client credentials flow also allows you to use a salesforce integration user license instead of assigning a full salesforce license to a human user integration licenses are significantly more affordable and are included in many salesforce subscriptions, making this option cost effective as well as technically stable this creates a stable, hands off, long term connection when to use oauth vs client credentials now that both methods are defined, here’s how to choose the right one use oauth 2 0 when you are setting up cloudfiles for the first time you are working in a sandbox or testing environment it’s acceptable for the connection to depend on a specific salesforce user oauth is great for getting started quickly, but the connection can break if the user is deactivated, restes their password, or if the refresh token expires use client credentials flow when you are configuring a production org you want a stable, long term connection that never requires re login you want to avoid dependencies on individual user accounts client credentials flow is the recommended approach for all production environments because it is more reliable, more secure, and easier to maintain event mode cloudfiles sends events to salesforce whenever important actions occur (folder creation, file uploads, etc ) you can choose how these events are delivered 1\ custom object mode (preferred) in this mode, cloudfiles creates a cloudfiles event record inside salesforce for each event this is the recommended option for most users because it works directly with record triggered flows events are easy to inspect and debug event history is fully visible inside salesforce this mode is simple and reliable, which is why it’s the default 2\ platform event mode platform events are real time event messages published to salesforce’s event bus they are useful for advanced architectures or high volume streaming scenarios however they are harder to debug missed events cannot be inspected later you must configure flow or apex subscribers event retention policy if you're using custom object mode, cloudfiles stores event records in salesforce the event retention days setting controls how long these records are kept before cloudfiles automatically deletes them the default value is 7 days however you can increase the number to retain longer history or decrease it to save salesforce storage api keys the api keys section provides two important credentials used for advanced or external integrations with cloudfiles the webhook secret key and the cloudfiles api key the webhook secret key is used to verify incoming webhook requests that are sent to cloudfiles from external systems such as sharepoint, onedrive, or custom automation workflows whenever an external service notifies cloudfiles about a file event, it must include this secret key in the request header so cloudfiles can confirm the request is legitimate this ensures that only trusted systems can trigger cloudfiles events the cloudfiles api key , on the other hand, is used when making authenticated requests to the cloudfiles rest api from custom servers or backend applications developers rely on this key when building programmatic file uploads, generating cloudfiles links through external services, or integrating cloudfiles with other platforms outside salesforce