Salesforce integration

This section covers integrating via (a) Salesforce for querying data, batch enrichments, and polling, and (b) via API.

How it works

The connection is established through a secure, one-time authorization process using Salesforce's standard OAuth 2.0 protocol. The setup involves these key steps:

  1. Create an Integration User: You will need to provision a dedicated integration user in Salesforce for Kernel.

  2. Assign permission set: Assign a permission set that provides Kernel with the outlinedData permissions. Kernel's Solutions Engineering will guide you on what is the minimal scope required that allows full functionality.

  3. Authorize Access: Using this user, Kernel will authorize Kernel's Connected App. This provides Kernel with a secure token to access Salesforce.

Data fields

Depending on your configuration, Kernel either (a) provides a flat file that specifies new custom fields you will need to create in your Salesforce Account object, or (b) an unlocked package your Salesforce admin can easily inspect and install.

Kernel will only write data into these specific fields, ensuring your master data is not altered.

Data permissions

To perform its analysis, Kernel requires read access to data in several standard objects. Write access is limited only to the custom fields created for Kernel.

Object
Read
View-All
Edit

Account

✓ (All or select fields)

✓ (All or select fields)

✓ (Kernel fields)

Lead Required if you don’t use accounts

✓ (All or select fields)

✓ (All or select fields)

✓ (Kernel fields)

Contact

✓ (All or select fields)

✓ (All or select fields)

Opportunity

✓ (All or select fields)

✓ (All or select fields)

Task

✓ (All or select fields)

✓ (All or select fields)

The integration user is not used to merge accounts. Merging accounts required Modify All access to Accounts and all associated objects. Users authorize access in Kernel's UI to complete merging actions.

FAQ

API Usage and Efficiency

Kernel is designed to be efficient with your Salesforce API quota. We use the Bulk API to update records in large batches, which significantly reduces the number of API calls required.

When writing data, Kernel uses the Bulk API (link) to minimize API quota consumption by updating up to 500 records at a time. For an organization with 100,000 accounts, this typically equates to only 200 API calls.

How does Kernel authenticate?

Kernel connects through a Salesforce Connected App using the standard OAuth 2.0 Authorization-Code + Refresh Token flow. After a one‑time user authorization via the provisioned integration user, Kernel receives a long‑lived refresh token and exchanges it for short‑lived access tokens (≤15 min)

Does Kernel need a separate UI (browser) user?

No.

How do I revoke Kernel’s access?

To revoke Kernel’s access, you can deactivate the Kernel integration user.

Is data encrypted in transit and at rest?

Yes. OAuth uses TLS 1.2+ for transport. Kernel stores any necessary credentials in a secrets manager.

How do we avoid row locks?

To avoid row locks, we recommend designating specific windows of time for updating accounts in your CRM, such as nights or weekends.

PreviousLeveraging your existing toolingNextInbound API

Last updated