Skip to content
English
  • There are no suggestions because the search field is empty.

Salesforce Integration — Security & Architecture

Audience: Salesforce administrators, IT security reviewers, and Noux customers evaluating the integration


1) Executive Summary

This article describes how the Noux Salesforce integration works, with emphasis on security controls, data handling, authentication, authorization, and operational safeguards.

1.1 Integration purpose

The integration allows users to:

  • Connect a Salesforce org to Noux through OAuth 2.0
  • Create or link Noux Sales Rooms to Salesforce Opportunities
  • View room status from Salesforce (via the Noux Salesforce package widget)
  • Write activity notes back to the Salesforce Opportunity timeline when a room is created

1.2 Security model at a glance

  • OAuth 2.0 authorization code flow with PKCE (S256)
  • Signed state token to protect the OAuth flow context
  • Access and refresh token lifecycle with expiry tracking
  • Per-organization integration model and uniqueness constraints
  • Authenticated Noux application APIs plus a dedicated Salesforce widget API with request validation
  • Server-side handling of Salesforce API requests (the browser does not call Salesforce APIs using stored OAuth tokens)

1.3 What this article covers

  • Salesforce integration architecture and trust boundaries
  • Authentication and authorization model
  • Data read from and written to Salesforce
  • Data storage and token handling

2) System Context & High-Level Architecture

2.1 Components

  1. Noux application (https://noux.app)Handles OAuth, token storage, room creation and linking, and Salesforce API calls.
  2. Noux database (PostgreSQL on Aiven, EU)Stores integration metadata, OAuth tokens, and room-to-Opportunity linkage records.
  3. Noux Salesforce package (installed in the customer’s Salesforce org)Lightning Web Component widget and Apex controller used on Opportunity record pages.
  4. Salesforce cloud APIsOAuth endpoints and REST/Tooling APIs.

2.2 Trust boundaries

  • Boundary A: End-user browser ↔ Noux application
  • Boundary B: Noux backend ↔ Salesforce OAuth and API endpoints
  • Boundary C: Salesforce LWC/Apex ↔ Noux widget API
  • Boundary D: Noux backend ↔ Noux database

2.3 Deployment model

  • Primary hosting platform: Render.com (Web Services) — main application at https://noux.app
  • Runtime: Node.js 24.x, Next.js application server
  • Data residency / region: European Union — primary data stores hosted in EU regions (PostgreSQL via Aiven; object storage via AWS S3 eu-central-1)
  • Network controls: HTTPS/TLS for all production endpoints; OAuth callback URLs require HTTPS; Salesforce widget API enforces origin restrictions; infrastructure secrets managed via hosting-platform environment configuration

3) OAuth 2.0 Authentication & Authorization Design

3.1 OAuth entry points

The Salesforce OAuth flow uses these paths on the Noux application:

  • /integrations/salesforce/app/install
  • /integrations/salesforce/app/oauth-start
  • /integrations/salesforce/app/oauth-callback (callback)

3.2 Flow sequence

  1. A logged-in Noux user starts installation from the Noux integrations UI.
  2. Noux builds OAuth start parameters including return path, scopes, and environment (production or sandbox).
  3. Noux generates a PKCE pair:
    • code_verifier (random)
    • code_challenge (SHA-256, base64url)
  4. Noux creates a signed state value containing the return path, PKCE verifier, and sandbox flag.
  5. The user is redirected to Salesforce:
    • Production: https://login.salesforce.com/services/oauth2/authorize
    • Sandbox: https://test.salesforce.com/services/oauth2/authorize
  6. Salesforce redirects back to Noux with an authorization code and state.
  7. Noux verifies state, exchanges the code for tokens at /services/oauth2/token, and stores tokens with org metadata.
  8. The user is redirected to the Salesforce integration page in Noux (typically /integrations/salesforce).

3.3 Scopes requested

Noux requests the following Salesforce OAuth scopes:

  • api — access and manage data via Salesforce APIs
  • refresh_token — obtain refresh tokens for long-lived access
  • offline_access — perform requests when the authorizing user is not present

3.4 CSRF and flow integrity controls

  • OAuth state is signed and verified server-side
  • PKCE S256 is used (code_challenge_method=S256)
  • Callback parameters are validated before token exchange

3.5 Redirect URI

Production OAuth callback URL (must be allowlisted in the Salesforce Connected App):

  • https://noux.app/integrations/salesforce/app/oauth-callback

3.6 Token refresh behavior

  • If a non-expired access token exists, Noux reuses it.
  • Otherwise Noux refreshes using the stored refresh token.
  • Access token expiry is tracked and refreshed proactively (with a safety margin before Salesforce expiry).
  • Token exchange or refresh failures return a structured error.

3.7 Sandbox vs production

Noux supports connecting either a Salesforce production org or a sandbox org:

  • The user selects the environment when starting OAuth.
  • Noux also detects sandbox vs production from the connected instance URL for subsequent API calls.

4) Data Storage

4.1 What Noux stores for the integration

For each connected Salesforce org, Noux stores:

  • Integration linkage: Noux organization, API key used by the Salesforce widget, and connection metadata
  • Salesforce org identity: Salesforce Organization ID and instance URL
  • OAuth credentials: access token, refresh token, and access token expiry time
  • Room linkage: mapping between a Salesforce Opportunity ID and a Noux Sales Room (one room per Opportunity per Noux organization)

4.2 Token and secret storage

  • OAuth access and refresh tokens are persisted in PostgreSQL on Aiven (EU region).
  • Encryption at rest: Aiven provides disk/volume encryption for stored data.
  • Encryption in transit: Database connections require TLS.
  • Application layer: Tokens are not encrypted column-by-column in application code; access is restricted via database credentials, least-privilege application roles, and hosting-platform secret management.
  • Operational controls: OAuth client secrets and signing keys are stored as environment variables on Render.com, not in source code or the customer database.

5) Salesforce Data Access & Writeback

5.1 Data read from Salesforce

Noux reads Opportunity data using the Salesforce REST API:

  • GET /services/data/v60.0/sobjects/Opportunity/{id}
  • Fields used: Id, Name, AccountId, Account.Id, Account.Name, CreatedDate, LastModifiedDate

Noux also checks whether the Noux Salesforce package is installed:

  • GET /services/data/v64.0/tooling/query on InstalledSubscriberPackage (and related version fields)

No bulk export or scheduled sync of Salesforce data is performed; reads occur on demand when a user links or creates a room, or when the integration checks package status.

5.2 Data written to Salesforce

When a Noux Sales Room is created or linked to an Opportunity, Noux can post a note to that Opportunity:

  1. Chatter post (default): POST /services/data/v60.0/sobjects/FeedItem
  2. Completed Task (alternative configuration): POST /services/data/v60.0/sobjects/Task

The note includes a link to the Noux room. Noux does not update other Opportunity fields or create unrelated Salesforce records.

5.3 HTML handling for writeback

For Chatter posts, note content is sanitized to Salesforce-supported rich-text tags before submission.


6) Salesforce Package (Widget)

6.1 Package components

The installable Noux Sales Room Widget package includes:

  • Lightning Web Component: nouxSalesRoomWidget
  • Apex controller: NouxSalesRoomController
  • Remote Site Setting allowing HTTPS callouts to https://noux.app

6.2 Widget behavior

The widget is placed on Salesforce Opportunity record pages. It:

  • Reads the current Opportunity ID from the page context
  • Retrieves the Salesforce Organization ID via Apex
  • Calls Noux through Apex (server-side) to fetch room data for that Opportunity
  • Shows room status, visit statistics, and actions to create, edit, or preview the linked room

The widget does not store Salesforce OAuth tokens; it authenticates to Noux using the Noux API key configured in the component properties (copied from Noux → Integrations → Salesforce).

6.3 Widget API authentication

The Noux endpoint used by the widget validates:

  • Salesforce Opportunity ID
  • Salesforce Organization ID
  • User email (passed from the widget)
  • Noux API key (identifies the Noux organization’s integration)

If the Organization ID in the request does not match stored data, Noux may update it in controlled cases (for example after a sandbox/production switch), subject to uniqueness rules that prevent one Salesforce org from being linked to multiple Noux organizations.


7) Authorization & Business Rules

7.1 Noux application authorization

  • Salesforce integration management requires a logged-in Noux user.
  • Linking a room to an Opportunity requires permission to edit that room in Noux.
  • Integration data is scoped to the Noux organization that owns the connection.

7.2 One Salesforce org per Noux organization

Each Salesforce Organization ID can be connected to at most one Noux organization. This prevents accidental cross-tenant linkage when OAuth is completed.

7.3 One Noux room per Salesforce Opportunity

Each Salesforce Opportunity can be linked to at most one Noux Sales Room for a given Noux organization.

  • If someone tries to create a second room for the same Opportunity, Noux blocks it and points them to the existing room.
  • This keeps a single collaboration space per deal.

8) API Surface

8.1 Noux application API (authenticated users)

Logged-in Noux users can, among other operations:

  • View and create the Salesforce integration for their organization
  • Check whether the Salesforce package is installed and its version
  • Look up the Noux room linked to a given Opportunity
  • Link an existing Noux room to a Salesforce Opportunity

These operations require a valid Noux session.

8.2 Widget API (Salesforce package)

  • GET https://noux.app/api/integrations/salesforce/app/room-by-opportunity/{opportunityId}
  • Authenticated with query parameters: Opportunity ID, Salesforce Organization ID, user email, and Noux API key
  • Supports CORS preflight (OPTIONS) for Salesforce Lightning origins
  • Returns room status and URLs, or a create-room link if no room exists yet