Skip to main content
Skip table of contents

No-code API setup for Salesforce Flows

This page descirbes how to use OAuth 2.0 client credentials flow with Dynamo Task API Salesforce integration.

After reading this documentation user should be able to create Salesforce Flow what will call Dynamo API without using any custom code. Executed DAP can call Salesforce APIs.

Client credentials and run-as-user are defined through the Salesforce external client app.

Benefits

  • Centralized and secure solution

  • Using Salesforce best practices

  • Declarative solution (no custom code needed)

  • Secret, scope and permission management done by client (secret rotation etc.)

  • Client secret is stored only in Salesforce

  • API key and credentials aren’t visible in the flow

  • Session ID isn’t passed to external systems

  • Run as user can be defined by the client

  • Easy Salesforce Flow integration

Availability

Dynamo API Client credentials integration is available from the following endpoint.

Production: https://dynamo-api.documill.com

Prerequisites

External Client App

External Client App enables Dynamo to call Salesforce APIs.

Setup -> Apps -> External Client Apps -> External Client App Manager -> New External Client App

  1. Fill the required basic information including App name, API name, Contact Email and Distribution State

  2. Enable OAuth authentication and give Callback URL. This URL is not used as Dynamo receives access token using Client Credentials Flow but it must be set in order to generate Consumer Key and Secret.

  3. Select ‘Manage user data via APIs’ from the Available OAuth Scopes list.

  4. In Flow Enablement section, check ‘Enable Client Credentials Flow’

Screenshot 2025-10-23 161418-20251024-083352.png

  1. In the policies tab, check that ‘Enable Client Credentials Flow’ checkbox is selected, and Username is set at OAuth Policies section.

    Screenshot 2025-10-24 112341-20251024-082341.png

    When App has been created, Consumer Key and Secret are available for inspection. These are needed when defining External Credentials in the next section.

    Consumer key and secret values are available from Settings - OAuth Settings - App Settings - Consumer Key and Secret.

Named and External Credential

Salesforce manages credentials securely by handling callout authentication automatically without user needing to pass them manually.

To set up these credentials navigate to Setup -> Security -> Named Credentials

  1. First create new External Credential; give it a label (i.e. DynamoAPIExternalCredential), name and set authentication protocol to ‘Custom’.

    Screenshot 2025-10-23 163417-20251023-133417.png

  2. Create new Principal. Parameter name can be set to anything. Add 3 new Authentication Parameters (ApiKey, ClientID and ClientSecret) and set their values accordingly.

    Screenshot 2025-10-23 163748-20251023-133748.png


    Table of these three secret parameters for convenience:

Name

Value

ApiKey

<Api key can be obtained from dynamo-users>

ClientID

<External Client App Consumer Key/ID>

ClientSecret

<External Client App Consumer Secret>

  1. Create custom headers for the External Credential. To keep header values as secret, expressions are used. Be sure to refer the name of the External Credential and parameter names as they were defined previously:
    {!$Credential.<External Credential Label>.<Auth Param Name>}

    Four headers are needed. Replace <tenantID> with the actual tenant ID (tenant ID = Salesforce org id):

    Screenshot 2025-10-24 110155-20251024-080156.png

    Here is a table of these headers so they can be easily copy pasted and modified.

Name

Value

x-dynamo-api-key

{!$Credential.DynamoAPIExternalCredential.ApiKey}

x-dynamo-integration-client-id

{!$Credential.DynamoAPIExternalCredential.ClientID}

x-dynamo-integration-client-secret

{!$Credential.DynamoAPIExternalCredential.ClientSecret}

x-dynamo-tenant-id

<tenantID>

  1. When External credential is set and saved, a Named Credential is needed. Give it a label (i.e. Dynamo API Named Credential), a name and set URL field to `https://dynamo-api.documill.com`. Make sure that Enabled for Callouts option is set to true. Select the newly created External Credential as Authentication. In Callout Options, check Allow Formulas in HTTP Header. Press Save.

    Screenshot 2025-10-23 163217-20251023-134340.png

Permission set

Set up permission set for External Credentials. To be able to access the credentials in Flow, one must configure permissions to do so. Navigate to Setup -> Users -> Permission Set and create new.

Screenshot 2025-10-24 103716-20251024-073716.png

In the settings, look for ‘External Credential Principal Access’ and open it. Edit Principal Access and add the external credential that was created previously.

Screenshot 2025-10-24 104150-20251024-074150.png
Screenshot 2025-10-24 103948-20251024-074415.png

To make sure permission to access credentials is set, navigate back to External Credentials view -> view existing Principal (press Edit on drop-down) and confirm that Principal Access is being listed:

Screenshot 2025-10-23 162301-20251023-132301.png

Now that permission set exists, it needs to be assigned to user that triggers the Task API request. Go to Setup -> Users -> Users and open the user settings. Look for Permission Set Assignments and add the Permission Set that was just created.

Screenshot 2025-10-24 105230-20251024-075529.png

External service

External Services is used in Flow when making a request to an external API.

Setup -> Integrations -> External Services.

  1. Add new External Service

  2. Select ‘From API Specification’, press Next

  3. Give your External Service a name. Set Service Schema as ‘Relative URL’ and URL path as '/v1/openapi.yaml'. Set a Named Credential with the one created before. Now Salesforce should automatically retrieve and validate the schema.

    Screenshot 2025-10-28 174434-20251028-154715.png

  4. After successful validation, press Save & Next.

  5. Operations are being listed next. Check ‘postTask’ operation so it can be used in Flow. Press Next.

Screenshot 2025-10-28 175810-20251028-155810.png

  1. Review and finish.

API Schema follows OpenAPI 3.0 YAML format and maps all needed header values and body properties in the callout. Creation of External Service will ultimately create Dynamic Apex classes that are then used in the Flow. If there is a need to add properties in body, modifying the schema is rather easy.

Using flow

Setup -> Process Automation -> Flows

  1. Create new Flow (like Screen Flow)

  2. Add new External Services Action element. This element should be the External Service operation ‘Post Task’ that was created previously. Now ‘Body’ should be listed in action’s Input Values. Give it value:

a.       New Resource -> Variable

b.       API Name -> “PostTaskBody” (could be anything)

c.       Data Type -> Apex-Defined

d.       Apex Class -> Select Dynamic Apex class that is created by External Services. Usually it is named like this:
ExternalService__<External Service name>PostTaskRequest
or similar.

Screenshot 2025-10-24 100856-20251024-070856.png

  1. Assign request body by creating ‘Assignment’ element before the action element. Give it a Label and Name. Each of the body property is set separately. Flow Builder should suggest the previously constructed Apex-Defined variable when searching for variables.

Screenshot 2025-10-24 111302-20251024-081302.png
Screenshot 2025-10-24 111332-20251024-081332.png

Flow should be now set and ready for testing.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close