Salesforce Integration Interview Questions & Patterns Guide — SFX Support

1. Introduction to Salesforce Integration

In today's interconnected business world, Salesforce rarely operates in isolation. It often needs to exchange data and trigger processes with other systems — ERPs, marketing automation platforms, data warehouses, and custom applications. This connectivity is achieved through Salesforce Integration.

Effective integration ensures that data is consistent, processes are streamlined across systems, and a holistic view of customers and operations is maintained. Without proper integration, businesses face data silos, manual data entry, and inefficient workflows.

Why is Integration Important?

• Data Consistency: Ensures data is accurate and up-to-date across all connected systems.
• Process Automation: Automates end-to-end business processes that span multiple applications.
• Enhanced Customer View: Provides a 360-degree view of the customer by consolidating information from various sources.
• Improved Efficiency: Eliminates manual data entry and reduces human error.
• Real-time Insights: Enables real-time data exchange for immediate decision-making.
• Scalability: Supports growing business needs by allowing systems to communicate seamlessly.

This module covers the most common Salesforce integration patterns, the technologies available to implement them, and best practices for building robust and scalable integrations.

2. Common Integration Patterns

Integration patterns are reusable solutions to common integration challenges. Understanding these patterns helps in designing robust and efficient data exchange mechanisms between Salesforce and external systems.

a. Request and Reply (Synchronous)

• Description: Salesforce sends a request to an external system and waits for an immediate response.
• Use Cases: Real-time validation (credit scores, address validation), fetching current inventory levels, single record lookups, immediate data updates requiring instant feedback.
• Salesforce Technologies: Apex Callouts (HTTP, SOAP, REST), LWC invoking Apex, External Services.
• Considerations:
  • Governor Limits: 100 callouts per transaction, 120 seconds cumulative timeout.
  • User Experience: Long-running synchronous calls can cause page freezes. Keep response times under 5–10 seconds.
  • Error Handling: Immediate feedback on success or failure, but requires robust handling of external system downtime.

b. Fire and Forget (Asynchronous)

• Description: Salesforce sends a message or data to an external system and does not wait for an immediate response. The external system processes asynchronously.
• Use Cases: Sending notifications (SMS, email via external service), logging to an external system, triggering long-running external processes, sending data to a data warehouse.
• Salesforce Technologies: Platform Events, Outbound Messages, Apex Callouts via @future, Queueable Apex, or Batch Apex.
• Considerations:
  • Reliability: Requires mechanisms to ensure message delivery (message queues, guaranteed delivery).
  • Order of Processing: If strict order is critical, additional mechanisms may be needed.
  • No Immediate Feedback: User is not immediately aware of the outcome.

c. Batch Data Synchronization

• Description: Large volumes of data are exchanged between Salesforce and an external system at scheduled intervals — an asynchronous, bulk-oriented pattern.
• Use Cases: Daily/weekly sync of customer master data, product catalogs, historical sales data, initial data loads, data archiving.
• Salesforce Technologies: Batch Apex, Data Loader, ETL tools (MuleSoft, Informatica, Talend), Heroku Connect.
• Considerations: High volume design minimizing API calls; robust scheduling, data transformation, and error logging for failed records.

d. Remote Call-in

• Description: An external system initiates a connection to Salesforce to retrieve or send data. Salesforce acts as the server.
• Use Cases: External reporting tools pulling Salesforce data, e-commerce sites pushing new orders, mobile apps accessing Salesforce data.
• Salesforce Technologies: REST API, SOAP API, Bulk API, Streaming API, @RestResource, webService keyword.
• Considerations: Proper OAuth authentication, API request limits, IP whitelisting, HTTPS encryption.

e. Remote Call-out

• Description: Salesforce initiates a connection to an external system to retrieve or send data. Salesforce acts as the client.
• Use Cases: Sending order details to an ERP, fetching data from a legacy system, integrating with payment gateways or shipping carriers.
• Salesforce Technologies: Apex Callouts, External Services, Lightning Connect.
• Considerations: Remote Site Settings or Named Credentials required; subject to callout limits; often requires async Apex to avoid UI blocking.

f. Change Data Capture (CDC) / Event-Driven

• Description: Salesforce publishes events for changes to records (create, update, delete, undelete). External systems subscribe to receive real-time notifications — a highly scalable and decoupled pattern.
• Use Cases: Real-time sync with external systems, triggering external processes on Salesforce data changes, maintaining external data warehouses in sync.
• Salesforce Technologies: Change Data Capture (CDC) events, Platform Events.
• Considerations: High event volumes; subscribers must handle duplicates and ensure idempotency; order is guaranteed per record, not across records.

3. Integration Technologies: Salesforce APIs Overview

Salesforce provides a rich set of APIs as the primary programmatic interface for external applications to interact with Salesforce data and metadata.

a. REST API

A flexible, lightweight, widely adopted web service API based on RESTful principles using standard HTTP methods (GET, POST, PUT, PATCH, DELETE).

• Key Features: Resource-oriented URIs, stateless, JSON/XML support, standard HTTP methods.
• Common Endpoints:
  • /services/data/vXX.0/sobjects/ — Interact with standard and custom objects.
  • /services/data/vXX.0/query/?q=SOQL_QUERY — Execute SOQL queries.
  • /services/data/vXX.0/composite/ — Combine multiple API requests in a single call.
  • /services/data/vXX.0/actions/ — Invoke invocable Apex actions.
• Use Cases: Mobile apps, single-page web applications, real-time low-to-medium volume data exchange, custom UI development.

b. SOAP API

A robust, XML-based web service API with a strongly typed interface defined by a WSDL file — describing all available operations, data types, and service endpoints.

• Key Features: WSDL-driven client generation, strongly typed, transaction-oriented.
• Use Cases: Enterprise integrations requiring strict data contracts, complex transactions, legacy system integrations.

c. Bulk API

An asynchronous API optimized for loading or querying large datasets (50,000 to millions of records). Processes records in batches for maximum efficiency.

• Process: Create Job → Upload Batches → Close Job → Monitor Status → Retrieve Results.
• Bulk API 2.0: Simplifies the process by combining steps, more efficient for very large volumes.
• Use Cases: Data migrations, large-scale nightly syncs with ERPs, mass updates/deletions.

d. Streaming API

Enables real-time notifications of changes in Salesforce data or custom events using a publish-subscribe model.

• PushTopic Events: Custom SOQL queries streaming changes to specific fields. Older but still supported.
• Platform Events: Custom events for decoupled, asynchronous communication — highly scalable and publishable from Apex, Flow, or external systems.
• Change Data Capture (CDC) Events: Standard events for record changes (create, update, delete, undelete) with guaranteed order per record. Recommended for real-time data replication.
• Use Cases: Real-time dashboards, event-driven architectures, IoT device integration, external data warehouse sync.

e. Metadata API

Used to retrieve, deploy, create, update, or delete customization information (metadata) in your org — essential for programmatic configuration management.

• Use Cases: CI/CD pipelines, automated configuration management, building deployment tools, migrating customizations between orgs.

4. OAuth Flows for Salesforce Integration

OAuth 2.0 is the industry-standard protocol for authorization. Salesforce uses OAuth to allow users to securely authorize external applications to access their Salesforce data without sharing credentials. A Connected App in Salesforce defines the OAuth policies and permissions (scopes) for an external application.

a. Web Server Flow

• Purpose: Ideal for confidential web applications (server-side) that can securely store a client secret.
• Process: User redirected to Salesforce → logs in and grants access → Salesforce redirects back with an auth code → server exchanges code for access token using client ID + secret.
• Security: High — client secret is never exposed to the browser.
• Use Cases: Server-side web applications, backend-handled authentication.

b. User-Agent Flow (Implicit Flow)

• Purpose: For public client-side applications (JavaScript SPAs, mobile apps) that cannot securely store a client secret.
• Security: Lower — tokens are exposed in the URL fragment. Refresh tokens typically not issued.
• Use Cases: Single-page applications, mobile apps.

c. JWT Bearer Flow

• Purpose: Server-to-server integrations with no direct user interaction (headless integrations).
• Process: External app creates a JWT signed with a digital certificate uploaded to the Connected App → sent to Salesforce OAuth endpoint → Salesforce returns an access token.
• Security: Very high — relies on digital signatures, no credentials exchanged.
• Use Cases: Automated batch processes, scheduled integrations, data synchronization, headless integrations.

d. Username-Password Flow

• Purpose: For highly trusted clients (command-line tools, desktop apps) that can securely store Salesforce credentials.
• Security: Lowest among OAuth flows.

Not recommended for general use due to security risks of storing credentials. Avoid if other flows are possible — use only for trusted internal command-line utilities or initial setup.

e. Device Flow

• Purpose: For devices with limited input capabilities (smart TVs, IoT devices, CLI tools) that cannot host a web browser.
• Use Cases: IoT, embedded devices, CLI tools.

f. Asset Token Flow

• Purpose: Designed for authenticating IoT devices or connected assets to securely interact with Salesforce.
• Use Cases: IoT solutions, asset management, connecting physical devices to Salesforce.

Choosing the Right Flow: Always prioritize flows that do not require storing user credentials (Web Server, JWT Bearer, Device Flow). The choice depends on client type, security requirements, and user interaction model.

5. Declarative Integration Tools

Salesforce offers powerful declarative (clicks-not-code) tools that enable administrators and low-code developers to build integrations, reducing the need for custom Apex development.

a. External Services

• Description: Declaratively connect Salesforce to external APIs by importing an OpenAPI (Swagger) specification. Salesforce automatically generates Apex classes and Flow actions.
• How it Works: Provide an OpenAPI JSON/YAML file → Salesforce parses it and creates invocable actions usable in Flow or Apex.
• Use Cases: Invoking payment gateways or shipping label generation from Flow, retrieving data from external systems in Flow.
• Benefits: Faster development, reduced code, easier maintenance, empowers admins.

b. Salesforce Connect (External Objects)

• Description: Access data stored outside Salesforce in real-time without copying it into Salesforce. External objects map to external data via OData 2.0, OData 4.0, or Apex Custom Adapter.
• How it Works: Salesforce queries the external system via the adapter whenever a user or process accesses the external object — data always resides in the external system.
• Use Cases: Displaying real-time order history from SAP, accessing legacy database data, real-time inventory that doesn't need to be stored in Salesforce.
• Considerations: Performance depends on external system response time and network latency; subject to Salesforce Connect limits.

c. Outbound Messages

• Description: A legacy declarative tool that sends a SOAP message (XML) to an external endpoint when a record meets certain criteria via Workflow Rule or Flow.
• Limitations: Limited functionality, no retry mechanism, being phased out in favor of Platform Events.

Not recommended for new integrations. Use Platform Events instead.

d. Platform Events (Declarative Usage)

• Publishing: Use a "Create Records" element in Flow to publish a Platform Event.
• Subscribing: Use a "Platform Event Triggered Flow" to subscribe and execute logic when an event message is received.
• Benefits: Decoupled, asynchronous, scalable, robust event-driven architecture with low-code options.

6. Programmatic Integration Tools (Apex)

For complex integration scenarios, custom logic, or when declarative tools are insufficient, Apex provides powerful capabilities to interact with external systems.

a. Apex Callouts (HTTP, REST, SOAP)

• Description: Apex code can make HTTP callouts to external web services, supporting both RESTful and SOAP-based integrations.
• Key Classes:
  • HttpRequest — Constructs the HTTP request (method, endpoint, headers, body).
  • HttpResponse — Represents the response (status code, body, headers).
  • Http — Sends the request and receives the response.
• Key Considerations:
  • Callouts from trigger context must be async: @future(callout=true), Queueable, or Batch Apex.
  • Use Named Credentials (preferred over Remote Site Settings) for secure endpoint management.
  • Robust try-catch blocks for network issues, timeouts, and unexpected responses.

public class MyRestCallout {
    public static void sendOpportunityToERP(Id opportunityId) {
        Opportunity opp = [SELECT Name, Amount, CloseDate FROM Opportunity WHERE Id = :opportunityId];

        HttpRequest req = new HttpRequest();
        req.setMethod('POST');
        req.setEndpoint('callout:MyERPIntegration/api/opportunities'); // Named Credential
        req.setHeader('Content-Type', 'application/json');

        Map<String, Object> requestBody = new Map<String, Object>();
        requestBody.put('opportunityName', opp.Name);
        requestBody.put('amount', opp.Amount);
        requestBody.put('closeDate', opp.CloseDate);
        req.setBody(JSON.serialize(requestBody));

        Http http = new Http();
        try {
            HttpResponse res = http.send(req);
            if (res.getStatusCode() == 200 || res.getStatusCode() == 201) {
                System.debug('ERP Integration Success: ' + res.getBody());
            } else {
                System.debug('ERP Integration Error: ' + res.getStatusCode() + ' - ' + res.getBody());
            }
        } catch (System.CalloutException e) {
            System.debug('Callout Exception: ' + e.getMessage());
        }
    }
}

b. Inbound Apex Web Services

• Description: Apex classes can be exposed as web services (RESTful or SOAP) that external systems can call.
• Key Annotations:
  • @RestResource(urlMapping='/services/apexrest/MyEndpoint/*') — Exposes class as a RESTful service. Methods annotated with @HttpGet, @HttpPost, @HttpPut, @HttpDelete, @HttpPatch.
  • global static webService void mySoapMethod(...) — Exposes method as a SOAP web service.
  • @InvocableMethod — Makes an Apex method available to Flow, Process Builder, or REST API.
• Considerations: Implement OAuth/Session ID authentication; ensure bulkification; return meaningful error responses.

c. Platform Events (Programmatic Usage)

• Publishing from Apex: Create instances of the Platform Event object and publish via EventBus.publish(events).
• Subscribing from Apex: Use an Apex trigger on the Platform Event object: trigger MyEventTrigger on My_Platform_Event__e (after insert) { ... }
• Benefits: Decoupling of systems, asynchronous processing, scalability, event replayability.

7. Middleware & iPaaS Solutions

For complex enterprise integration landscapes, Middleware or Integration Platform as a Service (iPaaS) solutions sit between Salesforce and other systems, facilitating data transformation, routing, orchestration, and error handling.

What They Do

• Connectors: Pre-built connectors to various applications including Salesforce.
• Data Transformation: Map and transform data formats between disparate systems.
• Orchestration: Coordinate complex multi-step processes spanning multiple applications.
• Routing: Direct messages to the correct destination.
• Error Handling & Monitoring: Centralized mechanisms for managing errors and tracking performance.
• Security: Manage authentication, authorization, and encryption.

Popular iPaaS Solutions

• MuleSoft Anypoint Platform (Salesforce product) — Leading integration platform with extensive API management, data transformation, and connectivity. The preferred choice for complex Salesforce-centric integrations.
• Boomi Integration — Wide range of connectors and visual development tools.
• Workato — Focuses on intelligent automation and enterprise-grade integration.
• Jitterbit — Low-code approach with AI capabilities.

When to Use iPaaS

• Many-to-many integrations (connecting multiple systems).
• Complex data transformations.
• Centralized monitoring and governance requirements.
• High transaction volumes requiring scalable infrastructure outside Salesforce.
• Requirements for robust error handling and retry mechanisms.

8. Integration Best Practices

Building robust and scalable Salesforce integrations requires adherence to key best practices:

• Define Requirements Clearly: Understand data volumes, frequency, real-time vs. batch needs, security, and error handling upfront.
• Choose the Right Pattern & Technology: Select the most appropriate pattern (synchronous, asynchronous, batch, event-driven) and technology for the specific use case.
• Security First:
  • Use OAuth 2.0 flows that don't require storing Salesforce credentials (Web Server, JWT Bearer, Device). Avoid Username-Password flow.
  • Use Named Credentials for Apex callouts — they handle authentication securely.
  • Restrict API access via Connected App policies and Permission Sets.
  • Encrypt data in transit (HTTPS) and implement IP whitelisting.
• Handle Governor Limits:
  • Bulkify all DML and SOQL operations.
  • Use async Apex (@future, Queueable, Batch) for callouts from triggers.
  • Minimize API calls by aggregating data.
• Error Handling & Retry Mechanisms: Robust try-catch blocks; strategies for failures (logging, notifications, graceful degradation); exponential backoff for transient errors.
• Idempotency: Design so that performing an operation multiple times has the same effect as once — critical for handling retries and duplicate messages.
• Data Transformation & Mapping: Define data mapping rules clearly and perform transformations at the most appropriate layer.
• Logging & Monitoring: Comprehensive logging (custom objects, platform events, external logging services) and monitoring to track health, performance, and errors.
• Version Your APIs: Use versioned endpoints (e.g., /services/data/vXX.0/) to ensure future compatibility.
• Test Thoroughly: Unit tests, integration tests, and performance tests with realistic data volumes are critical.

9. Error Handling & Monitoring

Robust error handling and proactive monitoring are vital for integration reliability. Issues in one system can quickly cascade, causing data inconsistencies and business disruptions.

a. Error Handling Strategies

• Graceful Degradation: Design integrations to continue functioning with reduced capabilities if an external system is temporarily unavailable.
• Retry Mechanisms: For transient errors, implement automatic retries with exponential backoff. Use Queueable or Batch Apex for controlled retry logic; store failed requests in a custom object for a scheduled job to reprocess.
• Dead-Letter Queues (DLQ): For messages that repeatedly fail, move them to a DLQ for manual inspection and reprocessing (typically managed by iPaaS or message queue systems).
• Alerting: Set up alerts (email, Chatter, external monitoring tools) for critical failures, timeouts, or performance degradation.
• Comprehensive Logging: Log request/response payloads, status codes, error messages, timestamps, and record IDs.
  • Salesforce Debug Logs: Useful for Apex-level debugging.
  • Custom Log Objects: Create a custom object (e.g., Integration_Log__c) to store transaction details and errors.
  • Platform Events: Publish custom error events for external monitoring systems to subscribe to.

b. Monitoring Tools & Techniques

• Salesforce Setup: API Usage Notifications, Apex/Batch/Scheduled Jobs monitoring, Debug Logs, Connected Apps Usage, Flow Error Emails.
• Custom Dashboards & Reports: Build Salesforce reports and dashboards on custom log objects to visualize integration health and identify trends.
• External APM Tools: Integrate with Splunk, DataDog, or New Relic for end-to-end transaction tracing, performance metrics, and centralized logging across your entire application ecosystem.
• iPaaS Dashboards: Leverage built-in monitoring dashboards for a comprehensive view of all integration flows.

A proactive approach to error handling and monitoring minimizes downtime, improves data quality, and builds trust in your integrated systems.

10. Integration Governance & Documentation

Beyond technical implementation, robust integration requires proper governance and thorough documentation to ensure maintainability, scalability, and long-term success.

a. Integration Governance

• Strategy & Architecture: Define clear integration strategy, architectural principles (API-first, event-driven), and standards (naming conventions, error codes).
• Ownership & Responsibilities: Clearly assign ownership for each integration point and define roles (business owner, technical owner, support team).
• Security Policy: Establish and enforce policies around data access, authentication, authorization, and encryption.
• Performance Standards: Define acceptable performance benchmarks (response times, throughput) and ensure integrations meet them.
• Change Management: Rigorous process for existing integrations — impact analysis, testing, and deployment procedures.
• Center of Excellence (CoE): For large organizations, centralize expertise to share best practices and ensure consistency across projects.

b. Documentation

Comprehensive documentation is critical for understanding, maintaining, and troubleshooting integrations.

• Integration Design Document (IDD): Purpose & business context, integration pattern, systems involved, data flow diagram, data field mapping, authentication details, error handling strategy, monitoring approach, deployment & rollback steps, assumptions & dependencies.
• API Documentation: For custom inbound Apex web services, provide OpenAPI specs or Postman collections for external consumers. Reference official Salesforce API docs for standard APIs.
• Code Comments: Well-commented Apex code explaining complex logic, callout details, and error handling.
• Runbook / Playbook: For support teams — detailed steps on how to monitor, troubleshoot common issues, and restart integrations.

Effective governance and documentation transform integrations from ad-hoc solutions into well-managed, reliable assets within your enterprise architecture.

11. Conclusion & Future Trends

Salesforce integration is a vast and continuously evolving domain, critical for connecting your Salesforce org to the broader enterprise ecosystem. By understanding common patterns, leveraging Salesforce's rich set of APIs and declarative tools, and adhering to best practices, you can build robust, scalable, and secure solutions.

Key Takeaways

• Pattern-Driven Design: Choose the right integration pattern (Request-Reply, Fire & Forget, Batch, Remote Call-in/out, Event-Driven) based on business needs.
• API Mastery: Understand when to use REST, SOAP, Bulk, Streaming, or Metadata APIs.
• OAuth Security: Prioritize secure OAuth flows (Web Server, JWT Bearer) and use Named Credentials.
• Declarative First: Leverage External Services, Salesforce Connect, and Platform Events with Flow for low-code integrations.
• Apex for Complexity: Use Apex Callouts for custom complex logic, always bulkifying and handling limits.
• iPaaS for Enterprise: Consider MuleSoft for complex, many-to-many enterprise integration landscapes.
• Robustness & Scalability: Implement error handling, retry mechanisms, logging, and monitoring. Design for idempotency.
• Governance & Documentation: Treat integrations as critical assets requiring clear ownership, policies, and thorough documentation.

Future Trends

• Event-Driven Architectures: Increased adoption of Platform Events and CDC for real-time, decoupled integrations.
• Low-Code/No-Code Integration: Salesforce will continue to enhance declarative tools (Flow + External Services) to empower more users.
• API-First Approach: Greater emphasis on designing reusable APIs for internal and external consumption.
• AI & Automation: Integration of AI to automate data mapping, error resolution, and intelligent routing.
• Unified Data Fabric: Move towards a holistic view of data across disparate systems, facilitated by iPaaS and data virtualization.

By staying current with these trends and continually refining your integration skills, you'll be well-equipped to build the connected and intelligent Salesforce ecosystems of the future.