Documill Dynamo
Documill Dynamo
Breadcrumbs

No-code API setup for Salesforce Flows

This is a prerequisite for generating documents with the Documill API.


This page descirbes how to use OAuth 2.0 client credentials flow with Dynamo Task API Salesforce integration.

After reading this documentation user should be able to create Salesforce Flow what will call Dynamo API without using any custom code. Executed DAP can call Salesforce APIs.

Client credentials and run-as-user are defined through the Salesforce external client app.

Benefits

  • Centralized and secure solution

  • Using Salesforce best practices

  • Declarative solution (no custom code needed)

  • Secret, scope and permission management done by client (secret rotation etc.)

  • Client secret is stored only in Salesforce

  • API key and credentials aren’t visible in the flow

  • Session ID isn’t passed to external systems

  • Run as user can be defined by the client

  • Easy Salesforce Flow integration

Availability

Dynamo API Client credentials integration is available from the following endpoint.

Production: https://dynamo-api.documill.com

Setup

1. Create External Client App

External Client App enables Dynamo to call Salesforce APIs.

  1. From Salesforce, navigate to:

Setup -> Apps -> External Client Apps -> External Client App Manager

{67E6B8FA-2E94-4B32-9D4A-7EB039E1E7DF}-20260122-093219.png

  1. In the top right corner, select New External Client App.

    {24449E92-0F1B-48BD-A785-2E90383A2A56}-20260122-093312.png

  2. Fill the required basic information including App name, API name, Contact Email and Distribution State

    {43CBF60D-9A94-4312-B02B-4CBD83FA4595}-20260122-093450.png

  3. Enable OAuth authentication and give Callback URL. This URL is not used as Dynamo receives access token using Client Credentials Flow but it must be set in order to generate Consumer Key and Secret. In the Available OAuth Scopes, select ‘Manage user data via APIs’ from the Available OAuth Scopes list.

    {28B6762C-54DC-4EEF-B574-404381154968}-20260122-093556.png

  4. In Flow Enablement section, check ‘Enable Client Credentials Flow’.

    {5DEACBCD-2052-4B68-B68E-049EDA3498EF}-20260122-093656.png


  5. Click Crate on the bottom of the screen.

    {C077F3B5-DA98-4966-983C-E40BE42F3BC6}-20260122-093751.png


  6. Click on the newly created External Client App.

    {CFCB681E-922D-434A-944A-3541389B8F6A}-20260122-093955.png


  7. Click on the Edit button in the Policies tab.

    {A468DF7B-F28E-47D8-98FC-133ECF4DFA42}-20260122-094038.png


  8. In the OAuth Policies section, enable Client Credentials Flow and provide the Username of an active user.

    {AF812F20-CE63-4FA3-8404-92029E031D20}-20260122-094225.png


  9. In the created External Client App, open the Settings tab and retrieve the Consumer Key and Secret from the OAuth Settings section. This will be used in the next step of the setup.

    {F21C2EDF-56B1-46A9-80B0-1AB9B1F188FC}-20260122-095159.png


    image-20260122-095329.png


  10. Click Save.

2. Named and External Credential

Salesforce manages credentials securely by handling callout authentication automatically without user needing to pass them manually.

  1. To set up these credentials navigate to Setup -> Security -> Named Credentials

{1B930C62-10E5-40DC-9638-B34D2CB0E1FE}-20260122-094419.png

  1. Select External Credentials and click on New.

    {45CB37E5-1300-48D5-82DD-522273F4B779}-20260122-094450.png


  2. First create new External Credential; give it a label (i.e. DynamoAPIExternalCredential), name and set authentication protocol to ‘Custom’.

    Screenshot 2025-10-23 163417-20251023-133417.png


  3. Scroll down and create a new Principal.

    {E49B6DBE-1F77-4DD0-8322-AE2B6D1EC65C}-20260122-094605.png


  4. Add 3 new Authentication Parameters:

    1. ClientSecret = Consumer Secret (Retrieved from Salesforce).

    2. ClientID = Consumer Key (Retrieved from Salesforce)

    3. ApiKey = API Token (Retrieved from the License Manager or Documill Support)

      Screenshot 2025-10-23 163748-20251023-133748.png

      The ClientSecret and ClientID are retrieved in the first step of this article.

      image-20260122-095434.png


  5. Create custom headers for the External Credential.

    {0DC3926B-E9E6-4BC6-962C-44343E961866}-20260122-095513.png


    To keep header values as secret, expressions are used. Be sure to refer the name of the External Credential and parameter names as they were defined previously:
    {!$Credential.<External Credenstial Label>.<Auth Param Name>}

    Four headers are needed. Replace <tenantID> with the actual tenant ID (tenant ID = Salesforce org id):

Screenshot 2025-10-24 110155-20251024-080156.png

Here is a table of these headers so they can be easily copy pasted and modified.

Name

Value

x-dynamo-api-key

{!$Credential.DynamoAPIExternalCredential.ApiKey}

x-dynamo-integration-client-id

{!$Credential.DynamoAPIExternalCredential.ClientID}

x-dynamo-integration-client-secret

{!$Credential.DynamoAPIExternalCredential.ClientSecret}

x-dynamo-tenant-id

<tenantID>

The Tenant ID must be the case-safe Org ID which is not visible in the Company Information section of the setup. To retrieve the full 18 character Org ID, you can contact support@documill.com or follow the instuctions bellow:

Retrieve case-safe Organization ID

  • Open the Developer Console (gear icon → Developer Console, or from Setup → Quick Find "Developer Console").

  • In the Developer Console, go to Debug → Open Execute Anonymous Window.

  • Paste and execute this code:

System.debug(UserInfo.getOrganizationId());

  • After execution, check the Logs tab (double-click the latest log), then look under Debug Only or Execution Log — it will print your full 18-digit Org ID.

    image-20260122-100309.png

  1. When External credential is set and saved, a Named Credential is needed. Give it a label (i.e. Dynamo API Named Credential), a name and set URL field to `https://dynamo-api.documill.com`. Make sure that Enabled for Callouts option is set to true. Select the newly created External Credential as Authentication. In Callout Options, check Allow Formulas in HTTP Header. Press Save.

    Screenshot 2025-10-23 163217-20251023-134340.png

Permission set

Set up permission set for External Credentials. To be able to access the credentials in Flow, one must configure permissions to do so. Navigate to Setup -> Users -> Permission Set and create new.

Screenshot 2025-10-24 103716-20251024-073716.png

In the settings, look for ‘External Credential Principal Access’ and open it. Edit Principal Access and add the external credential that was created previously.

Screenshot 2025-10-24 104150-20251024-074150.png
Screenshot 2025-10-24 103948-20251024-074415.png

To make sure permission to access credentials is set, navigate back to External Credentials view -> view existing Principal (press Edit on drop-down) and confirm that Principal Access is being listed:

Screenshot 2025-10-23 162301-20251023-132301.png

Now that permission set exists, it needs to be assigned to user that triggers the Task API request. Go to Setup -> Users -> Users and open the user settings. Look for Permission Set Assignments and add the Permission Set that was just created.

Screenshot 2025-10-24 105230-20251024-075529.png

External service

External Services is used in Flow when making a request to an external API.

Setup -> Integrations -> External Services.

  1. Add new External Service

  2. Select ‘From API Specification’, press Next

  3. Give your External Service a name. Set Service Schema as ‘Relative URL’ and URL path as '/v1/openapi.yaml'. Set a Named Credential with the one created before. Now Salesforce should automatically retrieve and validate the schema.

    Screenshot 2025-10-28 174434-20251028-154715.png

  4. After successful validation, press Save & Next.

  5. Operations are being listed next. Check ‘postTask’ operation so it can be used in Flow. Press Next.

image-20251208-094705.png

  1. Review and finish.

API Schema follows OpenAPI 3.0 YAML format and maps all needed header values and body properties in the callout. Creation of External Service will ultimately create Dynamic Apex classes that are then used in the Flow. If there is a need to add properties in body, modifying the schema is rather easy.


Task API Use Case

Using flow (Task API)

Setup -> Process Automation -> Flows

  1. Create new Flow (like Screen Flow)

  2. Add new External Services Action element. This element should be the External Service operation ‘Post Task’ that was created previously. Now ‘Body’ should be listed in action’s Input Values. Give it value:

a.       New Resource -> Variable

b.       API Name -> “PostTaskBody” (could be anything)

c.       Data Type -> Apex-Defined

d.       Apex Class -> Select Dynamic Apex class that is created by External Services. Usually it is named like this:
ExternalService__<External Service name>PostTaskRequest
or similar.

Screenshot 2025-10-24 100856-20251024-070856.png

  1. Assign request body by creating ‘Assignment’ element before the action element. Give it a Label and Name. Each of the body property is set separately. Flow Builder should suggest the previously constructed Apex-Defined variable when searching for variables.

Screenshot 2025-10-24 111302-20251024-081302.png
Screenshot 2025-10-24 111332-20251024-081332.png

Flow should be now set and ready for testing.


Batch API Use Case

Using flow (Batch API)

Setup -> Process Automation -> Flows

  1. Create new Flow (like Screen Flow)

  2. Add new External Services Action element. This element should be the External Service operation ‘Post Batch’ that was created previously. Now ‘Body’ should be listed in action’s Input Values. Give it value:

    1. New Resource -> Variable

    2. API Name -> “body” (could be anything)

    3. Data Type -> Apex-Defined

    4. Apex Class -> Select Dynamic Apex class that is created by External Services. Usually it is named like this:
      ExternalService__<External Service name>PostBatchRequest
      or similar.

  3. Assign request body by creating ‘Assignment’ element before the action element. Give it a Label and Name. Each of the body property is set separately. Flow Builder should suggest the previously constructed Apex-Defined variable when searching for variables, similar to creation of Flow for Task API. Only exception is made when defining task array objects; each of the task objects must be constructed separately in Flow. To do that:

    1. Select Variable as body > tasks

    2. Operator as Add

    3. Value as New Resource -> Variable -> Give it a name (i.e. taskVar) -> Data Type as Apex-Defined -> Select Apex Class, that is named similar to this
      ExternalService__<External Service name>_PostBatchRequest_tasks

      Add these task objects as many as needed.

Screenshot 2025-11-13 150050-20251113-130051.png

  1. Before Flow is ready, previously created task objects needs “params” and “id” properties as stated in Post Batch documentation. New Assignment element is needed and placed before the body assignment element. Simply just give field values to task objects (taskVar > params > id) and Flow should be now ready for testing.

Screenshot 2025-11-13 151833-20251113-131833.png
Screenshot 2025-11-13 152753-20251113-132753.png

Note:
If the batch body content size grows substantially large and complex, consider implementing the integration using an HTTP callout instead of External Services. HTTP callouts provide easier control over request construction, allowing greater flexibility for modifying and managing the request body content.