Salesforce Setup & Permissions

This guide covers the complete setup process for connecting Stood Flows to your Salesforce org, including OAuth configuration, required permissions, and security best practices.


OAuth Configuration

Create a Connected App in your Salesforce org

  1. Navigate to Setup:

    • Go to Setup → App Manager → New Connected App (or edit existing)

  2. Configure OAuth Settings:

    • Callback URL: https://stoodflows.web.app/salesforce-oauth-callback

    • Selected OAuth Scopes:

      • api - Access to Salesforce REST API

      • refresh_token - Ability to refresh access tokens

      • offline_access - Long-lived session support

    • Require Proof Key for Code Exchange (PKCE): Unchecked (must be disabled)

  3. Save Configuration:

    • Keep your Client ID and Client Secret for your Stood setup

    • Save the Connected App configuration


Required Permissions

💡 Best Practice: OAuth settings only open the door for the authenticated user; permissions are then applied on top of them. You may use a dedicated integration (technical) user for this, or consider connecting only your sandbox (a full sandbox is preferred, to have representative statistics on data).

OAuth Scopes

The application requires the following OAuth scopes (or "full access"):

User Permissions Required

Standard API Access

Tooling API Access

Describe Access

Profile Metadata Access

License Data Access (Optional)

Limits API Access


Recommended Permission Sets

Minimum Required

  1. API Enabled - Required for all API access

  2. Read access to Lead, Opportunity, and Case objects

  3. Read access to RecordType, BusinessProcess, OpportunityStage, CaseStatus objects

  4. Tooling API access enabled

  5. Read access to FlowDefinition, Flow, ApexTrigger, Layout, ProfileLayout, Profile in Tooling API

Recommended (for Full Functionality)

  1. API Enabled - Required for all API access

  2. View All Data (optional) - For accessing all records regardless of sharing rules

  3. Customize Application - For accessing metadata objects

  4. View Setup and Configuration - For accessing Tooling API objects

  5. View Field History - For lifecycle analytics (requires Field History Tracking enabled)


Field History Tracking Setup

For lifecycle analytics to work, you must enable Field History Tracking on:

Lead Object

Opportunity Object

Setup Steps

  1. Go to Setup → Object Manager → Lead (or Opportunity)

  2. Click Fields & Relationships

  3. Find the Status (Lead) or StageName (Opportunity) field

  4. Click Set History Tracking

  5. Enable history tracking for the field

  6. Save

⚠️ Note: Field History Tracking has data retention limits (typically 18-24 months). Historical data beyond this period will not be available for analysis.


Security Best Practices

Integration User

Recommended: Create a dedicated integration user with minimal permissions:

  1. Create Integration User:

    • Create a user specifically for Stood Flows integration

    • Use a descriptive name (e.g., "Stood Flows Integration User")

    • Set to inactive login hours if desired

  2. Assign Permission Set:

    • Create a permission set with only required permissions

    • Assign to integration user

    • Review and update regularly

  3. Monitor Usage:

    • Review login history regularly

    • Monitor API usage

    • Set up alerts for unusual activity
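
One way to carry out the "Review and update regularly" step, as an added example that is not Stood's own code: a Python check of a permission set file in Salesforce Metadata API format against the Minimum Required list above. The XML is a constructed sample, `audit_permission_set` is a hypothetical name, and mapping the page's labels to the API names `ApiEnabled`, `ViewAllData`, `CustomizeApplication` and `ViewSetup` is this example's assumption; it covers user permissions and Lead/Opportunity/Case only, not the Tooling API items.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://soap.sforce.com/2006/04/metadata"}
# Labels from this page mapped to metadata API names (mapping assumed here).
MIN_USER_PERMS = {"ApiEnabled"}                       # "Minimum Required"
OPTIONAL_USER_PERMS = {"ViewAllData", "CustomizeApplication", "ViewSetup"}
READ_ONLY_OBJECTS = {"Lead", "Opportunity", "Case"}   # read access only
WRITE_FLAGS = ("allowCreate", "allowEdit", "allowDelete", "modifyAllRecords")

# Constructed sample permission set (not exported from a real org).
SAMPLE = """<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
  <label>Stood Flows Integration</label>
  <userPermissions><enabled>true</enabled><name>ApiEnabled</name></userPermissions>
  <userPermissions><enabled>true</enabled><name>ViewAllData</name></userPermissions>
  <userPermissions><enabled>true</enabled><name>ModifyAllData</name></userPermissions>
  <objectPermissions><allowRead>true</allowRead><allowEdit>true</allowEdit><object>Lead</object></objectPermissions>
  <objectPermissions><allowRead>true</allowRead><object>Opportunity</object></objectPermissions>
  <objectPermissions><allowRead>true</allowRead><object>Account</object></objectPermissions>
</PermissionSet>"""

def audit_permission_set(xml_text):
    """Return sorted (severity, message) findings: missing, optional, excess."""
    root = ET.fromstring(xml_text)
    enabled = {p.findtext("m:name", namespaces=NS)
               for p in root.findall("m:userPermissions", NS)
               if p.findtext("m:enabled", namespaces=NS) == "true"}
    findings = [("missing", f"user permission {n}") for n in MIN_USER_PERMS - enabled]
    for name in enabled - MIN_USER_PERMS:
        # Recommended-list extras are reported so a reviewer confirms each one.
        sev = "optional" if name in OPTIONAL_USER_PERMS else "excess"
        findings.append((sev, f"user permission {name}"))
    readable = set()
    for op in root.findall("m:objectPermissions", NS):
        obj = op.findtext("m:object", namespaces=NS)
        if op.findtext("m:allowRead", namespaces=NS) == "true":
            readable.add(obj)
        if obj not in READ_ONLY_OBJECTS:
            findings.append(("excess", f"object {obj} is outside the minimum list"))
        for flag in WRITE_FLAGS:
            if op.findtext(f"m:{flag}", namespaces=NS) == "true":
                findings.append(("excess", f"object {obj} grants {flag}"))
    for obj in READ_ONLY_OBJECTS - readable:
        findings.append(("missing", f"read access to {obj}"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, message in audit_permission_set(SAMPLE):
        print(f"{severity:8} {message}")
```

Any "excess" finding is a grant beyond what the Minimum Required list asks for; "optional" findings correspond to the Recommended list and should each have a stated reason.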

Sandbox vs Production

Recommended Approach:

Data Access Considerations


API Rate Limits

Standard API

Tooling API

Optimization

The application minimizes API usage through:


Troubleshooting

Common Issues

"Insufficient Access Rights"

"Field History Tracking not enabled"

"PKCE Required"

"Invalid Callback URL"


Support

For setup assistance and commercial questions, contact: contact@stoodcrm.com

