Salesforce Integration Interview Questions

In this post, we will try to put together an elusive list of all the Top Salesforce Integration Interview questions and answers.

Starting with the basics we will go on to the Advanced level and get you all prepped for a good interview henceforth.

Basic Integration Questions

1. What is Integration in Salesforce?

Integration is a process of connecting two or more applications and streamlining separate processes. There are ways to integrate applications like UI integration, Business logic Integration, or Data Integration.

Below are the common integration initiatives for the salesforce platform.

• User Interface or Application Integration: Combine the UIs of two or more apps to create A composite app. For example; using force.com Canvas.
• Business Logic or Process Integration: Using Apex Web Services for Inbound and Apex Callouts for Outbound to handle a scenario where business logic is spread across several applications.
• Data Integration: It uses SOAP APIs and REST APIs to meet data synchronization requirements from the source.

2. What is a webservice?

A Webservice generally is a standardized medium to communicate between the client and server applications on the Web. Webservices are functionality or code which helps us to do integration. They are open standard (like XML, SOAP, HTTP, etc.) based web applications that interact with other web applications to exchange data.

Type of Web Service

There are mainly two types of web services.

• SOAP webservices
• REST webservices

3. What is Protocol?

A protocol is a set of mutually accepted and implemented rules at both ends of the communications channel for the proper exchange of information.

4. Define JSON

JSON stands for JavaScript Object Notation. It is a lightweight format for storing and transporting data when sent from a server to a web page. JSON data is written as name/value pairs, just like object properties. JSON objects are written inside curly braces. JSON arrays are written inside square brackets. JSON is a way of representing objects and retrieving values at ease. It is less secure and does not provide any support for namespaces.

5. Define XML

XML stands for eXtensible Markup Language. It is a markup language much like HTML and is type-less, and should be a string. XML was designed to store and transport data. XML was designed to be self-descriptive. It is more secure than JSON and supports namespaces. XML is just information wrapped in tags, has sender information, receiver information, a heading, and a message body but does not DO anything.

6. What is WSDL?

WSDL (Web Services Description Language) is an XML file that describes a web service as a set of endpoints operating on messages. A WSDL is used to expose a SOAP WS method in an apex Class. Apex class must be declared global and the exposed method must be declared static and use a webservice keyword. The keyword imparts the code to run in the system context. There are two types of WSDL in Salesforce:

• Enterprise WSDL
• Partner WSDL

7. What is the difference between Enterprise WSDL and Partner WSDL?

Here is the difference between Enterprise WDSL and Partner WDSL.

Enterprise WDSL	Partner WSDL
Strongly Typed	Loosely Typed
Tied to a specific configuration of Salesforce. It changes with any change in custom fields or custom objects added.	Not tied to any configuration of Salesforce. Does not change if custom fields or custom objects are added to an organization.
Primarily for Customers	Primarily for Partners

8. What is an API?

API stands for Application Programming Interface. The Application refers to an intermediary software that allows two applications to talk to each other. The Interface can be thought of, as a contract of service defining how the two applications can communicate with each other using requests and responses. API is therefore a programmatic interface that allows two applications to talk to each other.

9. What is REST API?

REST is a software architectural style that defines a set of rules to be used while creating web services. Web services that follow the REST architectural style are known as RESTful web services. REST API also known as RESTful API is a simple, easy-to-use, and powerful web service based on RESTful principles and allows for interaction with RESTful web services.

Restful Resource consists of :

1. Resource URI (Uniform Resource Identifier)
2. HTTP Methods (HEAD, GET, POST, PATCH, DELETE)
3. Request Headers: specifies metadata for the request as in the username, passwords, and tokens
4. Request Body: specifies data for the request if necessary

Rest resource is referenced using URI, abstraction of information, and access using HTTP methods. The @RestResource annotation is used at the class level to expose an Apex class as a REST resource. RESTful API is based on the usage of these resources and their URI. These webservices are accessed using standard HTTP Methods.

REST API has a lightweight request and response framework and thereby suits best for browser and Mobile applications as they don’t need a high amount of data access. REST supports data in the form of XML and JSON.

Apex uses 3 classes to make a Rest callout : Http,HttpRequest and HttpResponse.

9a. What are the REST methods in Salesforce?

1. HEAD is used to retrieve record metadata.
2. GET is used to retrieve information about a record.
3. POST is used to create a new record.
4. PUT is used to update a record with a new record like a replacement.
5. PATCH is used to partially update the record.
6. DELETE is used to delete a record.

10. What is SOAP API?

SOAP is the Simple Object Access Protocol. SOAP uses an XML data format to declare request and response messages. It is more reliable, secure, slower, and uses more bandwidth than REST API. It is used for System to System Integration.

To expose functionality using SOAP API in Salesforce we generate a WSDL file from an apex class with the methods we intend to expose. We consume the generated WSDL along with the Partner/enterprise WSDL for authorization purposes on the client system and generate Apex. Using these classes we can invoke the webservice from the client system.

Using the WSDLs:

1. We instantiate the class
2. Pass required session details for authorization
3. Pass parameters
4. Process the response

SOAP API uses the WSDL(XML) files as a formal contract between the API and the consumer for server-to-server integration.

11. What is the difference between SOAP and REST?

Here is the difference between SOAP and REST API.

SOAP API	REST API
Relies on the SOAP protocol	Relies on REST architecture using HTTP
Supports data in XML format	Supports data in JSON or XML format
Highly structured, more secure, and reliable	Less structured and Less secured
Slower but facilitates large data loads	Faster Data access with less data load
Uses more bandwidth	lightweight
Best suited for large enterprise application	Best suited for web and mobile devices

12. What is SoapUI? How to Use SoapUI to Test Salesforce WebService?

SoapUI is a cross-platform functional automation testing tool. SoapUI is a free and open source tool, designed to help test APIs such as SOAP and REST interfaces to ensure interoperability of different applications.

13. What are Call In and Call Out?

Call In is used to expose our webservices to another system. While Call out enables us to integrate with an external service by making a call out to those external Web services by sending an HTTP request from our Apex code with proper authorization and parameters and processing the response.

14. What are remote site settings?

To access any external site from inside the salesforce we need to authorize the endpoint so as to mark it accessible via Remote site settings and thereby allow integration with the end user. It is a step to avoid accessing malicious websites from Salesforce.com.

15. What is Named Credential?

A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. It helps simplify the setup for authenticated callouts, by specifying a named credential as the callout endpoint. It supports two types of authentication protocols: Basic Authentication(Password authentication) and OAuth. Using named credentials we can skip remote site settings.

Salesforce Integration Interview Questions

16. What all Integration options are available in Salesforce?

There are lots of Integration options available in Salesforce. Some of the are below.

API Name	Protocol	Data Format	Communication
REST API	REST	JSON, XML	Synchronous
SOAP API	SOAP (WSDL)	XML	Synchronous
Chatter REST API	REST	JSON, XML	Synchronous (photos are processed asynchronously)
Analytics REST API	REST	JSON, XML	Synchronous
Bulk API	REST	CSV, JSON, XML	It’s Asynchronous. Handle large data loads with batching.
Metadata API	SOAP (WSDL)	XML	Asynchronous. Retrieve, deploy, and modify metadata.
Streaming API	Bayeux	JSON	Asynchronous. Push notifications from Salesforce to subscribing applications/entities (replaces polling).
Apex REST API	REST	JSON, XML, Custom	Synchronous
Apex SOAP API	SOAP (WSDL)	XML	Synchronous
Tooling API	Build custom development tools for Salesforce platform applications

Connected App And OAuth

17. What is a Connected App?

A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps. The external apps that are integrated with Salesforce can run on the customer success platform, other platforms, devices, or SaaS subscriptions.

18. What is OAuth?

OAuth is short for open authorization. OAuth 2.0 is a token-based open protocol that enables authorization for data sharing between applications through the exchange of tokens. Client/end user can authorize through OAuth, the authorization server thereby grants an access token for the client. The user can now use this access token to access protected resources without ever providing the username or password to the other system.

19. What different OAuth2.0 Authorization flows are available in Salesforce?

There are several OAuth authorization flows to choose from, based on the use cases.

1. Web Server Flow: To integrate an external web app with the Salesforce API we use the OAuth 2.0 web server flow, which implements the OAuth 2.0 authorization code grant type. With this flow, the server hosting the web app must be able to protect the connected app’s identity, defined by the client ID and client secret.
2. User-Agent Flow: Users authorize a desktop or mobile app to access data using an external or embedded browser. Client apps running in a browser using a scripting language such as JavaScript can also use this flow. This flow uses the OAuth 2.0 implicit grant type.
3. Refresh Token: Renews access tokens issued by the OAuth 2.0 web server flow or the OAuth 2.0 user-agent flow.
4. JWT Bearer Flow: When we want server-to-server integration for data access without interactively logging in each time the servers exchange information. For these cases, we use the OAuth 2.0 JSON Web Token (JWT) bearer flow. This flow uses a certificate to sign the JWT request and doesn’t require explicit user interaction. However, this flow does require prior approval of the client app.
5. Username-Password Flow: You can use the username-password flow to authorize a client via a connected app that already has the user’s credentials.
6. Device Authentication: To integrate apps that run on devices with limited input or display capabilities.
7. Asset Token: Used to integrate IoT devices with the Salesforce API.
8. SAML Bearer Assertion Flow: With the OAuth 2.0 SAML bearer assertion flow, a client—via a connected app—can use previous authorization by supplying a signed SAML 2.0 assertion to request an OAuth access token. A SAML assertion is an XML security token issued by an identity provider and consumed by a service provider. The service provider relies on its content to identify the assertion’s subject for security-related purposes.
9. SAML Assertion Flow: The SAML assertion flow is an alternative for orgs that use SAML to access Salesforce and want to access the API the same way. 

20. What is an Integration Pattern?

Integration Pattern is a standardized method for integrating systems. It helps identify how systems interact and thereby collaborate in solving integration problems without having to be invented. There are four types of Integration patterns:

• Point to Point Integration – Multiple systems connected directly with each other
• Hub and Spoke Integration – Systems integrated to a central Hub
• API Gateway Integration – Single entry point for specific apps to access an API
• Event-Driven Architecture Integration – Publish and Subscribe model to facilitate asynchronous integration.

21. What are the types of Integration Design patterns available on the Salesforce Platform?

Pattern	Scenario
Remote Process Invocation—Request and Reply	Salesforce invokes a process on a remote system, waits for completion of that process, and then tracks the state based on the response from the remote system.
Remote Process Invocation—Fire and Forget	Salesforce invokes a process in a remote system but doesn’t wait for the completion of the process. Instead, the remote process receives and acknowledges the request and then hands off control back to Salesforce.
Batch Data Synchronization	Data stored in Lightning Platform is created or refreshed to reflect updates from an external system, and when changes from Lightning Platform are sent to an external system. Updates in either direction are done in a batch manner.
Remote Call-In	Data stored in Lightning Platform is created, retrieved, updated, or deleted by a remote system.
UI Update Based on Data Changes	The Salesforce user interface must be automatically updated as a result of changes to Salesforce data.
Data Virtualization	Salesforce accesses external data in real-time. This removes the need to persist data in Salesforce and then reconcile the data between Salesforce and the external system.

22. What is JWT flow in Salesforce?

JWT flow allows us to make secure server-to-server integration without real-time user involvement. The client specifies the user in a JSON web token (JWT) or SAML format XML assertion and proves its own identity by appending a signature. JWT Bearer token flow is ideal for applications that access salesforce only through API as there is no UI involved. For example ETL(extract, transform, and load) tools or middleware.

JWT flow uses a certificate to sign the JWT request and doesn’t require explicit user interaction. However, this flow does require prior approval of the client app.

JWT Structure :

• Headers: contains the algorithm which will be used to sign the request
• Payload: contains claims information which is an object containing information about user and additional data.
• Signature: validates the token

23. What is web server flow in Salesforce?

Web server flow allows us to integrate an external web app hosted on a web server with the Salesforce API, using the OAuth 2.0 web server flow which implements the OAuth 2.0 authorization code grant type. With this flow, the server hosting the web app must be able to protect the connected app’s identity, defined by the client ID and client secret. This flow is mainly used by applications hosted on web server to access protected resources.

24. What is OpenID Connect?

OpenID Connect is a simple identity layer to configure single sign-on and allow users log in to Salesforce. It adds on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, and obtain the basic profile information of the End-User.

To configure single sign-on (SSO) with Salesforce in OpenID Connect the user is redirected from Relying Party(Salesforce) to the Open ID Provider for sign in .We set up an authentication provider in Salesforce that implements OpenID Connect with ClientId and Client Secret from the Open ID Provider (like Google). With required configuration in place, the users can log in to Salesforce authenticating their identity from the OpenID provider and authorize Salesforce to access protected data. This all is kinda like you logging in to any site via a google ID.

25. Difference between OpenID and OAuth?

OAuth 2.0	OpenID Connect
Granting access to API	Logging the user in other system
Getting access to user data in other systems	Making the user’s accounts available in other systems
This is primarily used for Authorization	It is primarily used for authenticating the identity of the user in other system

26. What is Streaming API? Explain the different mechanisms of Steaming API.

Streaming API enables streaming events using push technology and provide a subscription mechanism for receiving events in the near real-time. The subscription mechanism supports multiple types of events, including PushTopic events, generic events, platform events, and Change Data Capture events

27. What is Change Data Capture?

Change Data Capture is a streaming product on the Lightning Platform that enables you to efficiently integrate your Salesforce data with external systems capturing data changes through notifications. A Change Data Capture event, or a change event is a notification that Salesforce sends when a change in the Salesforce record occurs as part of a create, update, delete, or undelete operation. The notification includes all new and changed fields, and header fields that contain information about the change.

It can generate change events for all custom objects defined in your Salesforce org and a subset of standard objects. We can receive changes in Salesforce records in real time and synchronize corresponding records in an external data store.

Subscribe to Change Event Channel:
Salesforce offers multiple ways to subscribe to a change event channel. For external application to Salesforce, we use Streaming API, or tools and libraries based on CometD, an open-source library that simulates push technology. To process data changes in Salesforce, we can write an Apex trigger for the change event. These change event triggers are called as Asynchronous Apex Trigger.

28. What is Tooling API? Give one example of when you used it.

Tooling API is used to integrate Salesforce metadata with other systems. Metadata types are exposed as sObjects and the field-level access speeds up operations on complex metadata types. Tooling API’s SOQL capabilities for many metadata types allow you to retrieve smaller pieces of metadata. Smaller retrieves improve performance, which makes Tooling API a better fit for developing interactive applications. You can also build custom development tools for Force.com applications. Tooling API provides SOAP and REST interfaces.

29 What is Salesforce Connect?

Salesforce Connect provides seamless integration of data across system boundaries enabling users view, search, and modify data that’s stored outside your Salesforce org. Instead of copying the data into your org, you can use external objects to access the data in real time via web service callouts.

We can use Salesforce Connect for below:

1. Display, Search, Modify Data stored in external System.
2. Don’t want duplicate data storage in Salesforce.
3. Access latest data in Real time

30. What is REST API Composite Resources

Composite Resources enables you to perform multiple operations like read, create, update, and delete Salesforce data in a single callout. The Composite REST API call executes a series of requests in a single call. You can use the output of one request as the input to a subsequent request. The response bodies and HTTP statuses of the requests are returned in a single response body. The entire series of requests counts as a single call towards your API limits and in the context of the same user. The requests in a composite call are called subrequests. In a subrequest’s body, you specify a reference ID that maps to the subrequest’s response.

For example, imagine you need to create a sales opportunity in Salesforce and then update the associated contact and add a related task. With the composite resource API, you can perform all these actions in a single call, simplifying the process and improving your application’s performance. Additionally, if any of the requests in the series fails, all modifications made in all previous requests are rolled back. This ensures data integrity and gives you precise control over transactions.

You can have up to 25 subrequests in a single call. Up to 5 of these subrequests can be Object Collections or query operations, including Query and QueryAll requests.

Key Features

1. A series of REST API requests in a single call.
2. Multiple CRUD Operations bundled and Executed in context of the same user. 
3. Output of one request as the input to a subsequent request.
4. Response bodies and status in a single response body.
5. Counts as a single call toward your API limits.

{
    "allOrNone" : true,
    "compositeRequest" : [{
        "method" : "POST",
        "url" : "/services/data/v59.0/sobjects/Account",
        "referenceId" : "NewAccount",
        "body" : {  
            "Name" : "XYZ",
            "BillingStreet" : "Landmark @ 1 Market Street",
            "BillingCity" : "San Francisco",
            "BillingState" : "California",
             "Industry" : "IT"
        }
    },{
        "method" : "GET",
        "referenceId" : "NewAccountInfo",
        "url" : "/services/data/v59.0/sobjects/Account/@{NewAccount.id}"
       }
    }]
}

More like these: Basic Salesforce Interview Questions