Integrating Salesforce Webhooks with Your Application
This guide walks you through setting up a Salesforce outbound message (webhook) and handling the incoming payload securely in your application.
Prerequisites
- Salesforce Administrator access.
- HTTPS endpoint with a valid TLS certificate.
- Server capable of handling POST requests (Node.js, Python, etc.).
Step 1: Create an Outbound Message in Salesforce
- Navigate to Setup > Platform Tools > Process Automation > Outbound Messages.
- Click New Outbound Message.
- Select the object (e.g., Contact) you want to monitor.
- Choose the fields to include in the payload.
- Enter your endpoint URL (e.g., https://yourdomain.com/api/salesforce/webhook).
- Save the outbound message.
Step 2: Add the Outbound Message to a Workflow Rule
- Go to Setup > Workflow Rules.
- Create a new rule for the same object.
- Define the evaluation criteria (e.g., created or edited).
- Add a Workflow Action > Outbound Message and select the message you created.
- Activate the rule.
Step 3: Implement the Receiving Endpoint
Below is a minimal Node.js/Express example. Adjust for your preferred language.
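const express = require('express');
const bodyParser = require('body-parser');
const crypto = require('crypto');

const app = express();

// Keep the raw request bytes. The HMAC must be computed over exactly what was
// sent, not over a re-serialized copy of the parsed body.
const keepRawBody = (req, res, buf) => { req.rawBody = buf; };
app.use(bodyParser.urlencoded({ extended: false, verify: keepRawBody }));
app.use(bodyParser.json({ verify: keepRawBody }));

function verifySignature(req) {
  const signature = req.headers['salesforce-signature'];
  const secret = process.env.SALESFORCE_SECRET;
  // Fail closed if the header, the secret, or the body is missing
  if (typeof signature !== 'string' || !secret || !req.rawBody) return false;

  const expected = crypto.createHmac('sha256', secret)
    .update(req.rawBody)
    .digest('hex');

  const received = Buffer.from(signature);
  const wanted = Buffer.from(expected);
  // timingSafeEqual throws on buffers of different length, so compare lengths first
  return received.length === wanted.length &&
    crypto.timingSafeEqual(received, wanted);
}

app.post('/api/salesforce/webhook', (req, res) => {
  if (!verifySignature(req)) {
    return res.status(403).send('Invalid signature');
  }
  // Process the payload
  console.log('Received payload:', req.body);
  // Respond with 200 OK as required by Salesforce
  res.status(200).send('OK');
});

const PORT = process.env.PORT || 3000;
app.listen(PORT, () => console.log(`Server listening on ${PORT}`));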
Step 4: Test the Integration
- Create or update a record that triggers the workflow.
- Check your server logs for the incoming payload.
- Verify that Salesforce shows the message status as “Delivered”.
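The signature check can also be exercised offline before triggering a real record change. The script below is an added example, not part of the original guide or of Salesforce's code; it assumes the sender puts a hex HMAC-SHA256 of the raw request body in the header that Step 3 checks, and the function names, secret, and payload are constructed for the test.

```javascript
const crypto = require('crypto');

// Hypothetical sender side: hex HMAC-SHA256 over the raw body bytes (assumption).
function sign(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

// Receiver-side check, taking the raw bytes directly instead of an Express request.
function verify(rawBody, signature, secret) {
  if (typeof signature !== 'string' || !secret) return false;
  const received = Buffer.from(signature);
  const wanted = Buffer.from(sign(rawBody, secret));
  // Length check first: timingSafeEqual throws on unequal lengths.
  return received.length === wanted.length &&
    crypto.timingSafeEqual(received, wanted);
}

// Constructed test data, not real Salesforce output.
const SECRET = 'test-only-secret';
const BODY = Buffer.from('{"Id":"003000000000001","Email":"a@example.com"}');

function runChecks() {
  const good = sign(BODY, SECRET);
  const text = BODY.toString();
  // Same JSON document, different bytes (pretty-printed after parsing).
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(text), null, 1));
  return {
    valid: verify(BODY, good, SECRET),
    tamperedBody: verify(Buffer.from(text.replace('a@', 'b@')), good, SECRET),
    wrongSecret: verify(BODY, sign(BODY, 'other-secret'), SECRET),
    truncatedSignature: verify(BODY, good.slice(0, 10), SECRET), // must not throw
    missingSignature: verify(BODY, undefined, SECRET),
    reserializedBody: verify(reserialized, good, SECRET),
  };
}

console.log(runChecks());
```

Only `valid` should be `true`; the `reserializedBody` case shows why the digest has to be taken over the bytes as received rather than over a parsed and re-encoded body.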
Troubleshooting
- 401/403 errors: Ensure the signature verification secret matches the one configured in Salesforce.
- Timeouts: Salesforce expects a response within 10 seconds. Keep processing lightweight or offload to background jobs.
- SSL Issues: Use a certificate from a trusted CA; self‑signed certificates will be rejected.