Salesforce source

This event source acts as a consumer of the Salesforce stream API.

With tmctl:

tmctl create source salesforce --auth.clientID <clientID> --auth.server <server> --auth.user <user> --auth.certKey <certKey> <channel> --subscription.replayID <replayID>

On Kubernetes:

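apiVersion: sources.triggermesh.io/v1alpha1
kind: SalesforceSource
metadata:
  name: sample
spec:
  subscription:
    channel: /data/ChangeEvents
    replayID: -2
  auth:
    clientID: salesforce.client_id
    server: <server>
    user: <user>
    certKey:
      value: my-key
  sink:
    ref:
      apiVersion: eventing.triggermesh.io/v1alpha1
      kind: RedisBroker
      name: triggermesh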
  • Broker to send the events to.
  • Client ID as retrieved from Salesforce Connected App.
  • Server for authentication at Salesforce.
  • User for the Salesforce account.
  • Channel as configured at the Salesforce stream.

Events produced have the following attributes:

  • type

See the Kubernetes object reference for more details.


  • Salesforce Account
  • Salesforce Stream Channel
  • Certificate Key Secret

Salesforce Account

Salesforce source uses OAuth JWT credentials for service authentication.

  1. First, you will need to generate an X509 certificate for signing and verifying requests. We will be using OpenSSL but any other certificate generation tool should work.

    openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:2048 -keyout tm-sf.key -out tm-sf.crt
  2. On the Salesforce site, select Setup > Apps > App Manager, then click New Connected App.

    • Fill in mandatory fields, then click Enable OAuth Settings.
    • A callback URL is mandatory but can be filled with any HTTPS data.
    • Enable Use digital signatures and upload the public cert (tm-sf.crt in the example above).
    • Add Scopes for api and refresh_token, offline_access.
    • Save.

    • Select the Connected App from the list and click Manage.
    • Click Edit policies.
    • Set Permitted users to Admin approved users are pre-authorized.
    • Save.

    • Select the Connected App from the list and click Manage.
    • Click Manage Profiles.
    • Add permissions on the data this user will have access to.
    • Save.
  3. Retrieve OAuth data to configure TriggerMesh Source.

    • Select the Connected App from the list and click View.
    • Copy Consumer Key.
    • Reveal and copy Consumer Secret.

Salesforce Stream Channel

Refer to Salesforce stream API on how to create stream channels:

  • Change Data Capture events: /data/ChangeEvents
  • PushTopics for streams based on single entity SOQL queries: /topic/TicketsSold
  • Standard Platform Events for Salesforce event monitoring: /event/LoginEventStream
  • Custom Platform Events for your SOQL platform events: /event/MyCustom__e

Each Streaming event type has a distinct set of features.

Certificate Key Secret

The TriggerMesh Salesforce integration needs the certificate key to sign authentication requests with the Salesforce API. A secret containing that certificate key needs to be created at TriggerMesh. Rename the file containing the key to certKey, then select Secrets > + ADD SECRET, File Upload.
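
What "OAuth JWT credentials" and "sign authentication requests" mean in practice, as an added Go example that is not TriggerMesh's own code: the private key signs a short-lived assertion and the certificate uploaded to the Connected App is all that is needed to verify it. The claim layout (iss, sub, aud, exp) is an assumption based on the standard OAuth JWT bearer flow; the function names, DemoKey and all sample values are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// SignAssertion builds the RS256 JWT sent as the "assertion" parameter; key is tm-sf.key.
func SignAssertion(key *rsa.PrivateKey, clientID, user, server string, now time.Time) (string, error) {
	header := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	// Assumed claims: iss = Consumer Key, sub = pre-authorized user, aud = auth server, exp = short expiry.
	claims, _ := json.Marshal(map[string]interface{}{
		"iss": clientID, "sub": user, "aud": server, "exp": now.Add(3 * time.Minute).Unix()})
	input := header + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyAssertion checks only the signature, using the public key from tm-sf.crt; claims are not validated.
func VerifyAssertion(pub *rsa.PublicKey, token string) error {
	i := strings.LastIndex(token, ".")
	sig, err := b64.DecodeString(token[i+1:])
	if i < 0 || err != nil {
		return fmt.Errorf("malformed assertion")
	}
	digest := sha256.Sum256([]byte(token[:i]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func DemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	key, _ := DemoKey() // constructed stand-in for tm-sf.key
	tok, err := SignAssertion(key, "my-client-id", "user@example.com", "https://login.salesforce.com", time.Now())
	fmt.Println(tok, err, VerifyAssertion(&key.PublicKey, tok))
}
```

Anyone holding the certKey file can produce assertions like this for the configured user, so the secret deserves the same handling as a password.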