---
id: 46306580-2561-45f5-b479-d62fce505a04
type: configuration
title: "SF-CA getter: Salesforce OAuth2 auth pattern differs from Poolbrain API key"
tags: [esb-monorepo, sf-ca, salesforce, authentication, oauth2, configuration]
importance: 0.65
confidence: 0.8
created: "2026-02-26T18:57:46.631773+00:00"
updated: "2026-02-26T18:58:15.151987+00:00"
relations:
  - target: 83e29321-7215-47a1-813e-a73187bda39f
    type: RELATED_TO
    direction: incoming
    strength: 0.75
    edge_id: 777a44d6-96ba-4552-a743-f12dc3a31e1a
---

# SF-CA Getter: Salesforce Authentication

## Auth Mechanism
OAuth2 (token refresh required) — unlike Poolbrain's simple API key header.

## Secret Manager Format (TBD)
JSON blob with OAuth2 credentials. Fields TBD based on chosen auth flow, likely:
- `client_id`
- `client_secret`
- `username`
- `password`
- `security_token`
- `instance_url`

## Key Differences from Poolbrain
- Must handle token expiry and refresh within getter lifecycle
- Uses Salesforce REST API with SOQL queries (not a REST collection endpoint)
- Pagination via `nextRecordsUrl` in response (vs. offset-based or cursor)
- Queries TWO object types: Account and Contact (vs. Poolbrain's single Customer type)
- Salesforce has daily API call limits — query efficiency matters

## API Pattern
```
GET /services/data/vXX.X/query?q=SELECT+...+FROM+Account+WHERE+LastModifiedDate+>+{timestamp}
```
Response includes `totalSize`, `done`, `nextRecordsUrl` (if paginated), `records[]`.