Agent-Skills.md

Agent Skills: sf-integration: Salesforce Integration Patterns Expert

>

sf-clisalesforceapi-integration
integrationID: Jaganpro/claude-code-sfskills/sf-integration

Repository

Jaganpro/claude-code-sfskills
JaganproLicense: MIT
214

Install this agent skill to your local

pnpm dlx add-skill https://github.com/Jaganpro/sf-skills/tree/HEAD/skills/sf-integration

Skill Files

Browse the full folder contents for sf-integration.

Download Skill

Loading file tree…

skills/sf-integration/SKILL.md

Skill Metadata

Name
sf-integration
Description
>

sf-integration: Salesforce Integration Patterns Expert

Expert integration architect specializing in secure callout patterns, event-driven architecture, and external service registration for Salesforce.

Core Responsibilities

  1. Named Credential Generation: OAuth 2.0, JWT Bearer, Certificate, or Custom authentication
  2. External Credential Generation: Modern External Credentials (API 61+) with Named Principals
  3. External Service Registration: Generate ExternalServiceRegistration from OpenAPI/Swagger specs
  4. REST/SOAP Callout Patterns: Sync and async implementations (details)
  5. Platform Events & CDC: Event definitions, publishers, subscribers (details)
  6. Validation & Scoring: Score integrations against 6 categories (0-120 points)

Key Insights

| Insight | Details | |---------|---------| | Named Credential Architecture | Legacy (pre-API 61) vs External Credentials (API 61+) — check org API version first | | Callouts in Triggers | Synchronous callouts NOT allowed — use async (Queueable, @future) | | Governor Limits | 100 callouts per transaction, 120s timeout max — batch callouts, use async | | External Services | Auto-generates Apex from OpenAPI specs — requires Named Credential for auth |

Named Credential Architecture (API 61+)

| Feature | Legacy Named Credential | External Credential (API 61+) | |---------|------------------------|------------------------------| | API Version | Pre-API 61 | API 61+ (Spring '24+) | | Principal Concept | Single principal | Named + Per-User Principal | | OAuth Support | Basic OAuth 2.0 | Full OAuth 2.0 + PKCE, JWT | | Recommendation | Legacy orgs only | Use for all new development |

Workflow (5-Phase Pattern)

Phase 1: Requirements Gathering

Ask the user to gather: integration type (outbound REST/SOAP, inbound, event-driven), auth method (OAuth 2.0, JWT Bearer, Certificate, API Key), external system details (endpoint, rate limits), sync vs async requirements.

Phase 2: Template Selection

| Integration Need | Template | Location | |-----------------|----------|----------| | Named Credentials | oauth-client-credentials.namedCredential-meta.xml | assets/named-credentials/ | | External Credentials | oauth-external-credential.externalCredential-meta.xml | assets/external-credentials/ | | External Services | openapi-registration.externalServiceRegistration-meta.xml | assets/external-services/ | | REST Callouts | rest-sync-callout.cls, rest-queueable-callout.cls | assets/callouts/ | | SOAP Callouts | soap-callout-service.cls | assets/soap/ | | Platform Events | platform-event-definition.object-meta.xml | assets/platform-events/ | | CDC Subscribers | cdc-subscriber-trigger.trigger | assets/cdc/ |

Phase 3: Generation & Validation

force-app/main/default/
├── namedCredentials/          # Legacy Named Credentials
├── externalCredentials/       # External Credentials (API 61+)
├── externalServiceRegistrations/
├── classes/                   # Callout services, handlers
├── objects/{{EventName}}__e/  # Platform Events
└── triggers/                  # Event/CDC subscribers

Phase 4: Deployment (CRITICAL ORDER)

  1. Named Credentials / External Credentials FIRST
  2. External Service Registrations (depends on Named Credentials)
  3. Apex classes (callout services, handlers)
  4. Platform Events / CDC configuration
  5. Triggers (depends on events being deployed)

Use the sf-deploy skill

Phase 5: Testing & Verification

  1. Named Credential: Setup → Named Credentials → Test Connection
  2. External Service: Invoke generated Apex methods
  3. Callout: Anonymous Apex or test class with Test.setMock()
  4. Events: Publish and verify subscriber execution

Named Credentials

| Auth Type | Use Case | Template | |-----------|----------|----------| | OAuth 2.0 Client Credentials | Server-to-server | oauth-client-credentials.namedCredential-meta.xml | | OAuth 2.0 JWT Bearer | CI/CD, backend | oauth-jwt-bearer.namedCredential-meta.xml | | Certificate (Mutual TLS) | High-security | certificate-auth.namedCredential-meta.xml | | Custom (API Key/Basic) | Simple APIs | custom-auth.namedCredential-meta.xml |

Templates in assets/named-credentials/. NEVER hardcode credentials.

External Services (OpenAPI/Swagger)

Process: Obtain OpenAPI spec → Create Named Credential → Register External Service → Salesforce auto-generates ExternalService.{{ServiceName}} Apex classes.

ExternalService.Stripe stripe = new ExternalService.Stripe();
ExternalService.Stripe_createCustomer_Request req = new ExternalService.Stripe_createCustomer_Request();
req.email = 'customer@example.com';
ExternalService.Stripe_createCustomer_Response resp = stripe.createCustomer(req);

Callout Patterns

See references/callout-patterns.md for complete REST and SOAP implementations.

| Pattern | Use Case | Template | |---------|----------|----------| | Sync REST | User-initiated, immediate response | rest-sync-callout.cls | | Async Queueable | Triggered from DML, fire-and-forget | rest-queueable-callout.cls | | Retry Handler | Transient failures, exponential backoff | callout-retry-handler.cls | | SOAP (WSDL2Apex) | WSDL-based services | soap-callout-service.cls |

Key rules: Use Named Credentials (callout:{{NC}}/path), set timeout (req.setTimeout(120000)), handle 4xx/5xx status codes.

Event-Driven Patterns

See references/event-patterns.md for complete Platform Event and CDC implementations.

Platform Events: Standard Volume (~2K events/hour, 3-day retention) or High Volume (millions/day, 24-hour retention). Publish via EventBus.publish(), subscribe via triggers.

Change Data Capture (CDC): Enable via Setup → Integrations → CDC. Channel: {{Object}}ChangeEvent. Change types: CREATE, UPDATE, DELETE, UNDELETE.

Scoring System (120 Points)

See references/scoring-rubric.md for the full category breakdown, scoring thresholds, and output format.

Quick summary: Security (30), Error Handling (25), Bulkification (20), Architecture (20), Best Practices (15), Documentation (10). Score 108+ = Excellent. Score <54 = BLOCK.

Anti-Patterns

| Anti-Pattern | Problem | Fix | |--------------|---------|-----| | Hardcoded credentials | Security vulnerability | Use Named Credentials | | Sync callout in trigger | CalloutException | Use Queueable | | No timeout specified | Default 10s too short | req.setTimeout(120000) | | No retry logic | Transient failures | Exponential backoff | | 100+ callouts per txn | Governor limit | Batch + async | | No logging | Can't debug production | Log requests/responses |

CLI Commands & Helper Scripts

See references/cli-reference.md for Named Credential, External Service, Platform Event CLI commands, API request examples, and credential automation scripts.

Cross-Skill Integration

| To Skill | When to Use | |----------|-------------| | sf-connected-apps | OAuth Connected App for Named Credential | | sf-apex | Custom callout service beyond templates | | sf-metadata | Query existing Named Credentials | | sf-deploy | Deploy to org | | sf-ai-agentscript | Agent action using External Service | | sf-flow | HTTP Callout Flow for agent |

Agentforce Integration Flow: sf-integration → Named Credential + External Service → sf-flow → HTTP Callout wrapper → sf-ai-agentscript → flow:// target → sf-deploy

Additional Resources

Notes & Dependencies

  • API Version: 62.0+ recommended for External Credentials
  • Required Permissions: API Enabled, External Services access
  • Optional Skills: sf-connected-apps, sf-apex, sf-deploy
  • Scoring Mode: Strict (block deployment if score < 54)