Auth. & Security

Data Sync Pro sets the gold standard for security within the Salesforce ecosystem. As a native Salesforce application, developed entirely using Apex and Lightning Web Components (LWC), it operates exclusively within your Salesforce org. This ensures that no data is ever transmitted to external systems or databases without your explicit authorization. Our commitment to security is underscored by our successful completion of Salesforce's rigorous security review, securing our position on the AppExchange as a trusted managed app. Notably, Data Sync Pro does not include any named credentials or remote site settings in the package installation, reinforcing our guarantee that your data remains confined within the bounds of authorized users.

In DSP, a Connection record specifies the Salesforce org from which data is retrieved or in which actions are executed. That org can be the current local org or an external one, and it can be a sandbox or a production environment.

Data Sync Pro offers versatile authentication methods tailored to your needs. For connections marked as "Is Current Org?", Data Sync Pro executes DML/Query actions under the currently logged-in user's context, eliminating the need for separate credentials. Alternatively, when using a Salesforce Named Credential set up by your system admin or developers, Data Sync Pro leverages Salesforce merge fields for authentication, adhering to best practices as outlined in Salesforce documentation. This approach keeps credentials secured at the platform level, where app developers can reference credentials but cannot access them directly. Both OAuth2 and Username & Password flows are supported, and Data Sync Pro requires only the Named Credential's name in the Connection record. Furthermore, for the Username & Password flow, Data Sync Pro automatically creates a Remote Site Setting entry for the connected org, facilitating secure, authorized outbound actions.

When conducting data operations with connected orgs, the user's permission settings, such as profiles, permission sets, sharing settings, OAuth scopes, and system validations, are enforced. Salesforce enforces security settings at the platform level, and DSP adheres to all standards and best practices set forth by Salesforce for ISV partners. This includes guarding against SOQL injection, using "with sharing" in Apex classes, and verifying field-level access and enforcing record-level access during data queries and actions, among others.
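The pattern described above, as an added Apex illustration that is not Data Sync Pro's own code: a callout that references a Named Credential only by name, so the code never handles the secret, combined with quote escaping for a SOQL string sent to the connected org. The Named Credential name `Partner_Org`, the class and method names, the API version, and the OAuth 2.0 setup with an automatically generated Authorization header are assumptions.

```apex
// Added illustration; not Data Sync Pro source code.
// Assumes a Named Credential called 'Partner_Org' (hypothetical) configured for
// OAuth 2.0 with "Generate Authorization Header" enabled.
public with sharing class RemoteAccountQuery {
    private static final String NAMED_CREDENTIAL = 'Partner_Org'; // hypothetical name
    private static final String QUERY_PATH = '/services/data/v58.0/query?q=';

    public class RemoteQueryException extends Exception {}

    // Returns the raw record maps from the connected org for an exact name match.
    public static List<Object> findAccountsByName(String userSuppliedName) {
        // A SOQL string sent over REST cannot use Apex bind variables, so the
        // user-controlled value is escaped before it is placed inside the quotes.
        String safeName = String.escapeSingleQuotes(userSuppliedName);
        String soql = 'SELECT Id, Name FROM Account WHERE Name = \''
            + safeName + '\' LIMIT 50';

        HttpRequest req = new HttpRequest();
        // The 'callout:' prefix tells the platform to resolve the endpoint URL and
        // attach the Authorization header at send time. No token, username or
        // password is readable from this code.
        req.setEndpoint('callout:' + NAMED_CREDENTIAL + QUERY_PATH
            + EncodingUtil.urlEncode(soql, 'UTF-8'));
        req.setMethod('GET');
        req.setTimeout(20000);

        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            // The connected org applies the authenticated user's profile, permission
            // sets, sharing and OAuth scopes; a denial surfaces here as a non-200.
            // Report the status only, so the response body is not leaked to callers.
            throw new RemoteQueryException(
                'Remote query failed with HTTP ' + res.getStatusCode());
        }

        Map<String, Object> payload =
            (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
        return (List<Object>) payload.get('records');
    }
}
```

The `with sharing` keyword governs record access in the local org only; access to records in the connected org is decided by that org for the user behind the Named Credential.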