Picking the right API is most of the work. Once chosen, authentication, error handling, and governance follow the same patterns regardless of which API the integration uses.
- Identify the integration shape
Synchronous CRUD, high-volume async load, near-real-time event delivery, metadata movement, or Chatter feed action. Each maps to a different Salesforce API.
- Pick the right API
REST for synchronous CRUD. Bulk 2.0 for high-volume loads. Pub/Sub for event delivery. Metadata for metadata. Apex REST for bespoke logic. SOAP only for legacy compatibility.
- Set up authentication
Register a Connected App for OAuth. Use JWT Bearer flow or Server-to-Server flow for backend integrations; use Authorization Code for user-facing apps.
- Build idempotent, retry-aware logic
Every integration retries eventually. Idempotent endpoints handle retries safely. Error handling must distinguish retriable responses (5xx, 429) from non-retriable ones (all other 4xx).
- Monitor consumption
Watch the API Usage Last 7 Days dashboard. Alert before hitting daily limits. Right-size the integration if consumption grows faster than headroom.
- Daily API limits scale with edition and license count. High-volume integrations can exhaust the quota; right-size with Bulk or Pub/Sub instead of REST loops.
- Pinning to too old an API version misses platform improvements; staying on the latest needs ongoing regression testing.
- Each API has its own auth, governor limits, and idiosyncrasies. Mixing them inside one integration adds complexity.
- Apex REST endpoints inherit the running user's permissions. A poorly scoped endpoint can leak data the running user should not see.
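The "Build idempotent, retry-aware logic" step above, as an added example (not code from the original page or from Salesforce): a retry wrapper around a REST upsert keyed on an external ID, so a replayed request updates the same record instead of creating a duplicate. The API version `vXX.X` is a placeholder, `Ext_Id__c` is a hypothetical External ID field, and `send` and `FakeOrg` are constructed stand-ins for a real HTTP client and org.

```python
import random
import time
from urllib.parse import quote

# Assumptions: placeholder API version, hypothetical External ID field.
UPSERT_PATH = "/services/data/vXX.X/sobjects/Account/Ext_Id__c/{key}"

class NonRetriable(Exception):
    pass

def is_retriable(status):
    # The split described above: 5xx and 429 are retried, other 4xx are not.
    return status == 429 or 500 <= status <= 599

def backoff(attempt, headers, base=0.5, cap=30.0):
    # Honour Retry-After if the server sends one, else full-jitter backoff.
    retry_after = headers.get("Retry-After", "")
    if retry_after.isdigit():
        return min(float(retry_after), cap)
    return random.uniform(0, min(cap, base * 2 ** attempt))

def upsert(send, key, fields, max_attempts=5, sleep=time.sleep):
    """PATCH by external ID, so a replay hits the same record.
    send(method, path, body) -> (status, headers) is the caller's transport."""
    path = UPSERT_PATH.format(key=quote(key, safe=""))
    for attempt in range(max_attempts):
        status, headers = send("PATCH", path, fields)
        if 200 <= status < 300:
            return status, attempt + 1
        if not is_retriable(status):
            raise NonRetriable(f"HTTP {status}: fix the request, do not retry")
        if attempt + 1 < max_attempts:
            sleep(backoff(attempt, headers))
    raise TimeoutError(f"gave up after {max_attempts} attempts")

class FakeOrg:
    """Constructed stand-in for the API: scripted statuses, in-memory records."""
    def __init__(self, script):
        self.script, self.records, self.calls = list(script), {}, 0

    def send(self, method, path, body):
        self.calls += 1
        status, headers, applied = self.script.pop(0)
        if applied:  # the write landed even though the response may be an error
            self.records[path] = dict(body)
        return status, headers
```

The first scripted response in the test models the ambiguous failure: the write succeeds but the caller sees a 503. Because the key is in the URL, the retry leaves exactly one record.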