store: SF-CA getter: Salesforce OAuth2 auth pattern differs from Poolbrain API key

graph/configurations/sf-ca-getter-salesforce-oauth2-auth-pattern-differs-from-poo-463065.md

@@ -0,0 +1,37 @@
+---
+id: 46306580-2561-45f5-b479-d62fce505a04
+type: configuration
+title: "SF-CA getter: Salesforce OAuth2 auth pattern differs from Poolbrain API key"
+tags: [esb-monorepo, sf-ca, salesforce, authentication, oauth2, configuration]
+importance: 0.65
+confidence: 0.8
+created: "2026-02-26T18:57:46.631773+00:00"
+updated: "2026-02-26T18:57:46.631773+00:00"
+---
+
+# SF-CA Getter: Salesforce Authentication
+
+## Auth Mechanism
+OAuth2 (token refresh required) — unlike Poolbrain's simple API key header.
+
+## Secret Manager Format (TBD)
+JSON blob with OAuth2 credentials. Fields TBD based on chosen auth flow, likely:
+- `client_id`
+- `client_secret`
+- `username`
+- `password`
+- `security_token`
+- `instance_url`
+
+## Key Differences from Poolbrain
+- Must handle token expiry and refresh within getter lifecycle
+- Uses Salesforce REST API with SOQL queries (not a REST collection endpoint)
+- Pagination via `nextRecordsUrl` in response (vs. offset-based or cursor)
+- Queries TWO object types: Account and Contact (vs. Poolbrain's single Customer type)
+- Salesforce has daily API call limits — query efficiency matters
+
+## API Pattern
+```
+GET /services/data/vXX.X/query?q=SELECT+...+FROM+Account+WHERE+LastModifiedDate+>+{timestamp}
+```
+Response includes `totalSize`, `done`, `nextRecordsUrl` (if paginated), `records[]`.