Sf Integration

Name: Sf Integration
Author: clientell-ai

clientell-ai/salesforce-skills

Configure Salesforce Named Credentials, auth flows, and integration metadata XML when wiring external APIs into Apex or Flow.

Install

npx skills add https://github.com/clientell-ai/salesforce-skills --skill sf-integration

What is this skill?

Legacy and Enhanced Named Credential XML templates with Password, OAuth, JWT, JwtExchange, AwsSv4, and NoAuthentication
Enhanced Named Credential fields: externalCredential, generateAuthorizationHeader, merge-field body/header guards
Explicit scope split: configuration metadata here; Apex callout patterns live in sf-apex integration-patterns reference
Principal types documented (NamedUser, Anonymous) for URL whitelisting-only integrations
Architecture decision guides for auth flow selection during integration setup

Adoption & trust: 1 installs on skills.sh; 7 GitHub stars; 2/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).

Recommended Skills

Entra App Registrationmicrosoft/azure-skills

Walkthrough for Microsoft Entra ID app registration, OAuth configuration, and MSAL-based authentication setup.374k installs·1.2k stars

Azure Aigatewaymicrosoft/azure-skills

Quick reference for building and operating Azure API Management as an AI gateway using ARM .NET SDK and policy best prac…373k installs·1.2k stars

Lark Openapi Explorerlarksuite/cli

Escalation path for uncovered Lark/Feishu APIs: browse official OpenAPI docs and execute via lark-cli.208k installs·13.7k stars

Supabasesupabase/agent-skills

Authoritative Supabase agent skill for database, auth, edge functions, and client SSR with emphasis on up-to-date docs, …111k installs·2.2k stars

Firebase Auth Basicsfirebase/agent-skills

firebase-auth-basics is a guided agent skill for solo builders implementing Firebase Authentication in web or mobile-bac…75.7k installs·345 stars

Firebase Data Connectfirebase/agent-skills

Firebase Data Connect is an agent skill that equips solo builders to design relational data layers on Firebase using Gra…73.2k installs·345 stars

Journey fit

Primary fit

BuildIntegrations & version control

Build is where CRM callouts and external endpoints are designed and deployed as metadata—not a launch or growth activity. Integrations subphase is the shelf for Named Credential templates, auth protocol choices, and architecture notes distinct from Apex callout code patterns.

Common Questions / FAQ

Is Sf Integration safe to install?

skills.sh reports 2 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.

SKILL.md

READMESKILL.md - Sf Integration

# Integration Configuration Reference

Metadata XML templates, auth flow details, and architecture decision guides for Salesforce integration setup.

> **Scope**: This file covers configuration and metadata. For Apex callout code patterns, see [integration-patterns.md](../../sf-apex/references/integration-patterns.md).

---

## 1. Named Credential XML Templates

### Legacy Named Credential -- Password Auth

```xml
<?xml version="1.0" encoding="UTF-8"?>
<NamedCredential xmlns="http://soap.sforce.com/2006/04/metadata">
    <fullName>Legacy_Service</fullName>
    <label>Legacy Service</label>
    <endpoint>https://api.example.com/v1</endpoint>
    <principalType>NamedUser</principalType>
    <protocol>Password</protocol>
    <username>service_account</username>
</NamedCredential>
```

Legacy `protocol` values: `Password`, `Oauth`, `Jwt`, `JwtExchange`, `AwsSv4`, `NoAuthentication`. For no-auth (URL whitelisting only), set `principalType` to `Anonymous` and `protocol` to `NoAuthentication`.

### Enhanced Named Credential

```xml
<?xml version="1.0" encoding="UTF-8"?>
<NamedCredential xmlns="http://soap.sforce.com/2006/04/metadata">
    <fullName>Enhanced_Service</fullName>
    <label>Enhanced Service</label>
    <endpoint>https://api.example.com/v2</endpoint>
    <externalCredential>Enhanced_Service_Auth</externalCredential>
    <generateAuthorizationHeader>true</generateAuthorizationHeader>
    <allowMergeFieldsInBody>false</allowMergeFieldsInBody>
    <allowMergeFieldsInHeader>true</allowMergeFieldsInHeader>
</NamedCredential>
```

---

## 2. External Credential XML with Permission Set Mapping

### OAuth External Credential

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ExternalCredential xmlns="http://soap.sforce.com/2006/04/metadata">
    <fullName>Service_OAuth</fullName>
    <label>Service OAuth</label>
    <authenticationProtocol>Oauth</authenticationProtocol>
    <externalCredentialParameters>
        <parameterName>ClientId</parameterName>
        <parameterType>AuthProviderUrl</parameterType>
        <parameterValue>your_client_id</parameterValue>
    </externalCredentialParameters>
    <externalCredentialParameters>
        <parameterName>TokenUrl</parameterName>
        <parameterType>AuthProviderUrl</parameterType>
        <parameterValue>https://auth.example.com/oauth2/token</parameterValue>
    </externalCredentialParameters>
    <externalCredentialParameters>
        <parameterName>Scope</parameterName>
        <parameterType>AuthParameter</parameterType>
        <parameterValue>api read</parameterValue>
    </externalCredentialParameters>
    <principals>
        <principalName>ServicePrincipal</principalName>
        <principalType>NamedPrincipal</principalType>
        <sequenceNumber>1</sequenceNumber>
    </principals>
</ExternalCredential>
```

For custom header auth (e.g., API key), use `authenticationProtocol` `Custom` with `parameterType` `AuthHeader`.

### Permission Set Mapping (Required)

```xml
<!-- In a Permission Set -->
<externalCredentialPrincipalAccesses>
    <enabled>true</enabled>
    <externalCredentialPrincipal>Service_OAuth - ServicePrincipal</externalCredentialPrincipal>
</externalCredentialPrincipalAccesses>
```

Format: `<ExternalCredentialName> - <PrincipalName>`. Missing this mapping causes `NAMED_CREDENTIAL_NOT_FOUND` at runtime.

---

## 3. Connected App Metadata XML

### Standard OAuth Connected App

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ConnectedApp xmlns="http://soap.sforce.com/2006/04/metadata">
    <fullName>MyWebApp</fullName>
    <label>My Web App</label>
    <contactEmail>admin@example.com</contactEmail>
    <oauthConfig>
        <callbackUrl>https://myapp.example.com/oauth/callback</callbackUrl>
        <consumerKey>AUTO_GENERATED</consumerKey>
        <isAdminApproved>false</isAdminApproved>
        <isConsumerSecretOptional>false</isConsumerSecretOptional>
        <scopes>Api</scopes>
        <scopes>RefreshToken</scopes>
    </oauthConfig>
    <oauthPolicy>

What is this skill?

Legacy and Enhanced Named Credential XML templates with Password, OAuth, JWT, JwtExchange, AwsSv4, and NoAuthentication

Enhanced Named Credential fields: externalCredential, generateAuthorizationHeader, merge-field body/header guards

Explicit scope split: configuration metadata here; Apex callout patterns live in sf-apex integration-patterns reference

Principal types documented (NamedUser, Anonymous) for URL whitelisting-only integrations

Architecture decision guides for auth flow selection during integration setup

Adoption & trust: 1 installs on skills.sh; 7 GitHub stars; 2/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).

Journey fit

Primary fit

BuildIntegrations & version control

SKILL.md

READMESKILL.md - Sf Integration

# Integration Configuration Reference

Metadata XML templates, auth flow details, and architecture decision guides for Salesforce integration setup.

> **Scope**: This file covers configuration and metadata. For Apex callout code patterns, see [integration-patterns.md](../../sf-apex/references/integration-patterns.md).

---

## 1. Named Credential XML Templates

### Legacy Named Credential -- Password Auth

```xml
<?xml version="1.0" encoding="UTF-8"?>
<NamedCredential xmlns="http://soap.sforce.com/2006/04/metadata">
    <fullName>Legacy_Service</fullName>
    <label>Legacy Service</label>
    <endpoint>https://api.example.com/v1</endpoint>
    <principalType>NamedUser</principalType>
    <protocol>Password</protocol>
    <username>service_account</username>
</NamedCredential>
```

Legacy `protocol` values: `Password`, `Oauth`, `Jwt`, `JwtExchange`, `AwsSv4`, `NoAuthentication`. For no-auth (URL whitelisting only), set `principalType` to `Anonymous` and `protocol` to `NoAuthentication`.

### Enhanced Named Credential

```xml
<?xml version="1.0" encoding="UTF-8"?>
<NamedCredential xmlns="http://soap.sforce.com/2006/04/metadata">
    <fullName>Enhanced_Service</fullName>
    <label>Enhanced Service</label>
    <endpoint>https://api.example.com/v2</endpoint>
    <externalCredential>Enhanced_Service_Auth</externalCredential>
    <generateAuthorizationHeader>true</generateAuthorizationHeader>
    <allowMergeFieldsInBody>false</allowMergeFieldsInBody>
    <allowMergeFieldsInHeader>true</allowMergeFieldsInHeader>
</NamedCredential>
```

---

## 2. External Credential XML with Permission Set Mapping

### OAuth External Credential

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ExternalCredential xmlns="http://soap.sforce.com/2006/04/metadata">
    <fullName>Service_OAuth</fullName>
    <label>Service OAuth</label>
    <authenticationProtocol>Oauth</authenticationProtocol>
    <externalCredentialParameters>
        <parameterName>ClientId</parameterName>
        <parameterType>AuthProviderUrl</parameterType>
        <parameterValue>your_client_id</parameterValue>
    </externalCredentialParameters>
    <externalCredentialParameters>
        <parameterName>TokenUrl</parameterName>
        <parameterType>AuthProviderUrl</parameterType>
        <parameterValue>https://auth.example.com/oauth2/token</parameterValue>
    </externalCredentialParameters>
    <externalCredentialParameters>
        <parameterName>Scope</parameterName>
        <parameterType>AuthParameter</parameterType>
        <parameterValue>api read</parameterValue>
    </externalCredentialParameters>
    <principals>
        <principalName>ServicePrincipal</principalName>
        <principalType>NamedPrincipal</principalType>
        <sequenceNumber>1</sequenceNumber>
    </principals>
</ExternalCredential>
```

For custom header auth (e.g., API key), use `authenticationProtocol` `Custom` with `parameterType` `AuthHeader`.

### Permission Set Mapping (Required)

```xml
<!-- In a Permission Set -->
<externalCredentialPrincipalAccesses>
    <enabled>true</enabled>
    <externalCredentialPrincipal>Service_OAuth - ServicePrincipal</externalCredentialPrincipal>
</externalCredentialPrincipalAccesses>
```

Format: `<ExternalCredentialName> - <PrincipalName>`. Missing this mapping causes `NAMED_CREDENTIAL_NOT_FOUND` at runtime.

---

## 3. Connected App Metadata XML

### Standard OAuth Connected App

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ConnectedApp xmlns="http://soap.sforce.com/2006/04/metadata">
    <fullName>MyWebApp</fullName>
    <label>My Web App</label>
    <contactEmail>admin@example.com</contactEmail>
    <oauthConfig>
        <callbackUrl>https://myapp.example.com/oauth/callback</callbackUrl>
        <consumerKey>AUTO_GENERATED</consumerKey>
        <isAdminApproved>false</isAdminApproved>
        <isConsumerSecretOptional>false</isConsumerSecretOptional>
        <scopes>Api</scopes>
        <scopes>RefreshToken</scopes>
    </oauthConfig>
    <oauthPolicy>

Install

What is this skill?

Recommended Skills

Journey fit

Is Sf Integration safe to install?

SKILL.md

This week for builders

Install

What is this skill?

Recommended Skills

Journey fit

Is Sf Integration safe to install?

SKILL.md