Translate needs to Integration Requirements (22%) Flashcards
What is SSL or TLS?
Cryptographic protocols that encrypt traffic between a client and a server (HTTPS) and authenticate the server with an X.509 certificate. Optionally the client presents a certificate too (mutual authentication, "mutual TLS").
Which is better, SSL or TLS?
TLS (Transport Layer Security) is the successor to SSL and is more secure; every SSL version is deprecated, so "SSL" today almost always means TLS.
What are API client certificate types?
Self-signed or CA-signed certificates, used for mutual authentication (mutual TLS) between client and server.
What is the difference between one-way and two-way authentication?
Two-way is more secure because both the server and the client validate each other's certificates. In one-way authentication only the server is verified: the client checks the server's certificate, and the server identifies the client by some other means (password, token).
What are 3 protocols for authorization & authentication?
SAML, OAuth 2.0, OpenID Connect
SAML:
- what is it?
- which language is it based on?
- where is it used?
Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between an identity provider and a service provider; it is used for single sign-on (SSO).
OAuth 2.0
The Open Authorization (OAuth) 2.0 protocol is the industry standard for delegated authorization: it lets a user grant an application limited access to their data on another system without sharing credentials.
OpenID Connect
Used in social sign-on; it adds an authentication (identity) layer on top of OAuth 2.0 so that user information can be exchanged securely, via the ID token.
To implement SSO, what standards are supported by Salesforce? (3)
SAML, Delegated Authentication, OpenID Connect
To create a Connected App, what protocols should the external application support? (3)
SAML, OAuth, OpenID Connect
Can a Connected App be created to integrate service providers when SF acts as the identity provider?
Yes
Can Salesforce run as an OAuth authorization server?
Yes. SF can authenticate and authorize connected apps, which can even be created dynamically from an external system (dynamic client registration).
How can we manage a Connected App's access? (3)
- By setting OAuth security policies (permitted users, IP relaxation, high-assurance session requirement)
- By defining which users have access, assigning profiles or permission sets
- By setting a refresh token policy that automatically expires or revokes the connected app's access
What are 3 roles in SSO flows?
- User
- Identity provider
- Service provider
What is SAML Assertion?
A proof of the user’s identity provided by the identity provider. It is an XML document.
What is an Access Token?
It represents the user's permission to access resources; the client sends it with each request, and it is what authenticates the call to the designated API endpoints.
Can OAuth 2.0 acquire access token for a client application?
Yes
Can external applications see the user's password or credentials when using OAuth 2.0?
No. The user authenticates directly with the authorization server, so the credentials are never revealed to the app. The exception is the Username-Password flow, in which the app itself collects and sends the password; that is why it is discouraged.
In an OAUth 2.0 flow, what are 4 key roles involved?
- Resource Server (hosts the protected resources)
- Resource Owner (entity or end user who grants access to the protected resource)
- Authorization Server (issues access tokens)
- Client (application requesting resource access on behalf of the resource owner)
What are 4 types of tokens in OAuth 2.0?
- Authorization Code
- Access Token
- Refresh Token
- ID Token
What is authorization code?
Temporary, single-use code returned to the client after the user authorizes; it is exchanged (together with the client secret) for an access token.
What is refresh token?
Long-lived token used to acquire a new access token when the current one expires, without involving the user again. It must be stored as carefully as a credential.
What is ID Token?
Security token (a signed JWT) that contains claims about the authenticated end user; it is defined by OpenID Connect, not by OAuth 2.0 itself.
Access Token?
Token used by client to access protected resources in the resource server
Bearer Token?
An access token is used as a bearer token, meaning whoever bears (presents) the token can access the protected resources without any further proof of identity. That is why it must travel only over TLS, must never be logged, and should be short-lived.
Consumer Key?
The public identifier of the consumer (client), such as an external application, which it sends to Salesforce to identify itself when requesting authorization on a user's behalf. Also referred to as Client ID.
Consumer Secret?
A secret, or confidential value, used to prove that the consumer presenting the consumer key really owns it. Also referred to as Client Secret; it must stay server-side and never be shipped inside a browser or mobile app.
OAuth Endpoints
OAuth endpoints are the URLs that you use to make OAuth authorization requests to Salesforce, e.g. /services/oauth2/authorize and /services/oauth2/token on the login or My Domain URL.
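The roles, token types and endpoints above fit together in the web server flow. The following is an added example, not Salesforce code: an in-memory authorization server (the Salesforce role), a resource server and a client exercise the authorize and token endpoints, the single-use authorization code, the bearer access token, refresh-token rotation and revocation. The callback URL, user names, record data and lifetimes are constructed assumptions.

```python
import secrets
import time

CODE_TTL = 60        # assumption: authorization codes expire after 60 seconds
ACCESS_TTL = 3600    # assumption: access tokens live for one hour


class AuthorizationServer:
    """Salesforce's role: connected app registry plus the /authorize and /token endpoints."""

    def __init__(self):
        self.clients = {}   # consumer key -> (consumer secret, registered callback URL)
        self.codes = {}     # authorization code -> (client_id, redirect_uri, user, expiry)
        self.access = {}    # access token -> (user, expiry)
        self.refresh = {}   # refresh token -> (client_id, user)

    def register_connected_app(self, callback_url):
        """Creating a connected app yields the consumer key and consumer secret."""
        client_id, client_secret = secrets.token_hex(16), secrets.token_urlsafe(32)
        self.clients[client_id] = (client_secret, callback_url)
        return client_id, client_secret

    def authorize(self, client_id, redirect_uri, user):
        """/authorize: the resource owner has logged in here and consented, so a
        short-lived, single-use code is sent to the registered callback only."""
        _secret, callback_url = self.clients[client_id]
        if redirect_uri != callback_url:
            raise PermissionError("redirect_uri does not match the registered callback")
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, user, time.time() + CODE_TTL)
        return code

    def token(self, grant_type, client_id, client_secret, **params):
        """/token: authenticate the client with its secret, then honour the grant."""
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("invalid_client")
        if grant_type == "authorization_code":
            entry = self.codes.pop(params["code"], None)          # pop: a code is single-use
            if entry is None:
                raise PermissionError("invalid_grant: unknown or already used code")
            code_client, code_uri, user, expiry = entry
            if code_client != client_id or code_uri != params["redirect_uri"] or time.time() > expiry:
                raise PermissionError("invalid_grant: code bound to another client/URI, or expired")
            return self._issue(client_id, user)
        if grant_type == "refresh_token":
            entry = self.refresh.pop(params["refresh_token"], None)  # pop: rotate on every use
            if entry is None or entry[0] != client_id:
                raise PermissionError("invalid_grant: refresh token unknown or revoked")
            return self._issue(client_id, entry[1])
        raise ValueError("unsupported_grant_type")

    def _issue(self, client_id, user):
        access_token, refresh_token = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[access_token] = (user, time.time() + ACCESS_TTL)
        self.refresh[refresh_token] = (client_id, user)
        return {"access_token": access_token, "token_type": "Bearer",
                "expires_in": ACCESS_TTL, "refresh_token": refresh_token}

    def revoke_app(self, client_id):
        """Refresh token policy / admin revocation: the app can no longer renew access."""
        self.refresh = {r: v for r, v in self.refresh.items() if v[0] != client_id}

    def user_for(self, access_token):
        user, expiry = self.access.get(access_token, (None, 0))
        return user if user is not None and time.time() < expiry else None


class ResourceServer:
    """Hosts the protected records; trusts whoever presents a valid bearer token."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.records = {"alice@example.com": ["Acct-001"]}   # constructed sample data

    def get_records(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        user = self.auth_server.user_for(token) if scheme == "Bearer" else None
        if user is None:
            raise PermissionError("401 Unauthorized")
        return self.records.get(user, [])


def run_web_server_flow():
    """Client side of the web server flow; returns what each step produced."""
    auth, callback = AuthorizationServer(), "https://app.example/callback"
    api = ResourceServer(auth)
    client_id, client_secret = auth.register_connected_app(callback)
    code = auth.authorize(client_id, callback, "alice@example.com")

    def try_exchange(secret, the_code):
        try:
            return auth.token("authorization_code", client_id, secret, code=the_code, redirect_uri=callback)
        except PermissionError:
            return None

    results = {"wrong_secret_rejected": try_exchange("guess", code) is None}
    tokens = try_exchange(client_secret, code)
    results["code_reuse_rejected"] = try_exchange(client_secret, code) is None
    results["records"] = api.get_records("Bearer " + tokens["access_token"])
    renewed = auth.token("refresh_token", client_id, client_secret, refresh_token=tokens["refresh_token"])
    results["new_access_token_issued"] = renewed["access_token"] != tokens["access_token"]
    auth.revoke_app(client_id)
    try:
        auth.token("refresh_token", client_id, client_secret, refresh_token=renewed["refresh_token"])
        results["refresh_after_revoke_rejected"] = False
    except PermissionError:
        results["refresh_after_revoke_rejected"] = True
    return results


if __name__ == "__main__":
    print(run_web_server_flow())
```

Note that the resource server never sees the user's password: it only checks the bearer token, which is why the token alone must be treated as a credential. Binding the code to the client and the registered callback, and rotating the refresh token on each use, are the checks that keep a leaked code or refresh token from being replayed.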
What are the different OAuth flows? (9)
- Web Server
- User-Agent
- JWT Bearer
- Device
- SAML Bearer Assertion
- SAML Assertion
- Username-Password
- Client-Credentials
- Refresh Token
Which OAuth flow to use to integrate external web applications?
Web Server
Which OAuth flow to use to integrate desktop/mobile applications?
User-agent
Which OAuth flow to use for server-to-server integration?
JWT Bearer
Which OAuth flow to use for IoT integration?
Device
Which OAuth flow to use to request an access token via SAML?
SAML Bearer Assertion
Which OAuth flow to use as an alternative for services using SAML?
SAML Assertion
Which OAuth flow to use when the external app stores the user’s credentials?
username-password
Which OAuth flow authenticates with only the consumer key and consumer secret, with no user involved?
Client-Credentials
Which OAuth flow is used to request a new access token?
Refresh Token
Does the SAML Assertion flow require a Connected App?
No. It's the SAML Bearer Assertion flow that requires one.
Which is recommended: client credentials OAuth 2.0 flow or username-password?
Client credentials: it is more secure, because the integration never has to store or transmit a user's password.
What is OpenID Connect used for?
To identify the user associated with an access token (via the ID token). It's an authentication layer on top of OAuth 2.0.
What is authentication?
The process that is used to verify that the user is actually who they say they are.
What is authorization?
The process of providing or determining the permissions or actions that an authenticated user can do.
Delegated Authentication?
Allows users to log in to SF using credentials that are verified by an external authentication provider
Does Delegated Authentication require users to log in to each app separately?
Yes. Even though they use the same ID for multiple apps, it is not single sign-on.
Which integration pattern is the best for small volume, real-time activities?
Remote Process Invocation - Request & Reply
What is a continuation?
An asynchronous Apex callout (the Continuation class), used to avoid the synchronous Apex transaction governor limits when calling a slow external service. Although asynchronous, it still falls under the request & reply pattern, since a reply is expected through a callback method.
What’s the max time-out for Request & Reply?
120 seconds
What’s the max platform event message size in fire & forget?
1 MB
Can you receive a positive acknowledgement of a successful hand-off to the remote system in Fire & Forget pattern?
Yes
How many records should be processed to consider Bulk API 2.0?
More than 2000
Which API does Change Data Capture use?
Streaming API (CometD); change events can now also be consumed through the Pub/Sub API.
How to avoid data contention?
With data segmentation techniques (e.g. filter criteria), so that concurrent operations do not touch the same records.
What’s the max file size for upload via Remote Call-In?
2 GB for the ContentVersion and 500MB for all other objects
Which APIs can be used in remote call-in?
REST, SOAP or BULK API 2.0
Can a remote call-in time-out?
Yes. Each SOQL query has a time-out limit of 120 seconds.
What is a system's processing capacity called?
Throughput
What is a system's responsiveness to requests and demands called?
Latency
What’s throughput optimization?
Increasing the number of concurrent requests (the workload) that an application can complete in a given time.
What contributes to the workload in the system? (3)
- Number of transactions
- Number of concurrent users
- Complexity of the requests
What are some techniques to optimize throughput? (4)
- Async process
- Bulk process
- Selective queries (SOSL and SOQL) using indexed fields
- Platform cache
What are some techniques to optimize latency? (4)
- Optimize reports
- Optimize filters
- Simplify sharing
- Optimize interface
Which factors determine an integration tool's performance? (3)
- Timing (sync vs async)
- Volume
- Ability to process multiple objects