Using WSC in a Java integration is a four-piece workflow: download the WSDL and generate stubs, set up the Maven or Gradle build with the WSC runtime and the generated jar, write the authentication and API call code, and operationalize for production with retry and monitoring. Each piece is mostly mechanical, but the order matters and some pieces have non-obvious traps. This guide covers the standard pattern that most Java teams follow when standing up a new WSC-based Salesforce integration.
- Download the WSDL and generate stubs
In Salesforce Setup, search API. Pick the right WSDL for the integration (Partner for generic, Enterprise for type-safe, Metadata for deployment, Tooling for IDE work). Click Generate, save the WSDL to your project resources folder. Download the latest WSC jar from the salesforce/wsc GitHub releases. Run java with classpath wsc-VERSION.jar com.sforce.ws.tools.wsdlc your-wsdl.wsdl output-stub.jar. The result is a stub jar containing the typed Java classes. Commit both the WSDL and the stub jar to source control (or regenerate on every build, depending on the team preference). Document the WSDL version and the WSC version in the project README.
- Set up the Java project build
In Maven, add the WSC runtime as a dependency: groupId com.force.api, artifactId force-wsc, version matching the WSC release you used to generate stubs. Add the generated stub jar as either a separate Maven artifact (if it lives in an internal repository) or as a system-scope dependency (if local). For Gradle, the equivalent is a compile dependency on force-wsc and either an artifact dependency or a flat-dir dependency on the stub jar. Keep the WSC runtime version aligned with the version used for stub generation; mismatched versions cause cryptic runtime exceptions when the stub calls into the runtime.
- Write authentication and API call code
Create a ConnectorConfig with the org username, password (plus security token if applicable), and login URL (login.salesforce.com for production, test.salesforce.com for sandbox). Call Connector.newConnection(config) to authenticate and get a PartnerConnection. From the connection, call API methods: connection.create(sObjects), connection.query(soql), connection.update(records), connection.delete(ids). Wrap each call in try-catch for ConnectionException and ApiFault. Log every call timing and result. For OAuth, set the session id directly via ConnectorConfig.setSessionId(token) after obtaining the token through your OAuth flow. Document the authentication choice in the integration runbook.
- Operationalize for production with retry and monitoring
Wrap every WSC call in retry-with-exponential-backoff logic to handle transient failures (UNABLE_TO_LOCK_ROW, REQUEST_RUNNING_TOO_LONG, ConnectionTimeoutException). Configure retry counts and backoff intervals based on the operation idempotency: idempotent operations (queries, updates by ID) can retry aggressively; non-idempotent operations (creates without an external ID) need careful retry logic to avoid duplicates. Log every retry to a structured log so operators can diagnose chronic failures. Monitor the org daily API request limit; WSC calls count toward it. Set ConnectorConfig.setReadTimeout() and setConnectionTimeout() to values that match the org typical response times plus a safety margin.
- WSC version mismatch between the runtime jar and the generated stub jar causes cryptic runtime exceptions. Keep both at the same version and document the version in the integration runbook.
- Password authentication requires a Security Token unless the org has explicit IP allow-listing for the integration. Token rotation is a common cause of broken integrations; plan rotation as a recurring task.
- WSC does not retry transient failures automatically. The application has to wrap every call in retry-with-backoff logic; without it, transient errors that should clear in seconds break the entire integration.
- Enterprise WSDL is org-specific. Schema changes (new fields, new objects) require regenerating stubs and redeploying the integration. Partner WSDL is more flexible but loses some type safety.
- WSC calls count against the org daily API request limit. Monitor usage proactively; a runaway integration can lock out every other caller for the rest of the day.