Ensuring API security and preventing data leakage is critical in any Salesforce integration. Whether you’re exposing or consuming APIs, you must follow best practices around authentication, authorization, encryption, data validation, and monitoring.
Key Strategies to Secure Salesforce APIs & Prevent Data Leakage
- Use Secure Authentication (OAuth 2.0)
- Always use OAuth 2.0 for authentication (via Connected Apps).
- Avoid basic auth or hardcoded credentials.
- For system-to-system: use JWT Bearer Flow (no user interaction).
- Use Named Credentials with External Credentials for secure token storage.
Never expose client secrets or tokens in Apex code.
- Enforce Proper Authorization
- Use Profiles, Permission Sets, and Sharing Rules to control access to data.
- In Apex, check CRUD/FLS before processing:
if (Schema.sObjectType.Account.isAccessible()) {
// Safe to proceed
}
- In LWC/Apex, respect field-level and object-level permissions.
- Use Named Credentials Instead of Hardcoded URLs or Tokens
- Simplifies callouts and stores credentials securely.
- Supports automatic token refresh.
- Integrates with External Credentials and Principal Mappings.
- Limit Data Exposure with Selective Field Querying
- Do not use SELECT * in SOQL queries.
- Always retrieve only required fields to avoid unnecessary data exposure.
SELECT Id, Name FROM Account WHERE Id = :someId
- Rate Limiting and API Usage Control
- Set up API usage monitoring via Event Monitoring, API Usage dashboard, or Shield (if available).
- Enforce rate limits if you’re building your own API (e.g., using Heroku middleware).
- Use Platform Cache to reduce repeated API hits.
- Input Validation and Output Sanitization
- Always validate and sanitize inputs, especially when using REST resources or Apex REST endpoints.
- Use try-catch blocks to handle malformed requests:
@RestResource(urlMapping=’/myapi/*’)
global with sharing class MyApiClass {
@HttpPost
global static void postData() {
try {
// Parse input safely
} catch (Exception e) {
// Log and return sanitized error
}
}
}
- Encrypt Sensitive Data
- Use Shield Platform Encryption for fields like SSNs, banking info, etc.
- Encrypt data in transit using HTTPS only endpoints (both inbound and outbound).
- Avoid Data Leakage via Logging
- Don’t log sensitive information (e.g., tokens, user data) to debug logs.
- Use Logger.warn(“Token received”) without logging the actual token.
- Secure Apex REST Endpoints
- Use with sharing keywords.
- Validate the user context via UserInfo.getUserId().
- Avoid exposing internal object structure through APIs.
- Apply custom permission checks if needed.
- Audit and Monitor API Access
- Enable Field Audit Trail, Event Monitoring, or Transaction Security Policies.
- Monitor:
- Which users/apps access what data
- Data exfiltration attempts
- Unusual patterns (e.g., repeated queries, bulk access)
- Use Middleware or Integration Layer
Use systems like MuleSoft, Heroku, or AWS API Gateway:
- As an API firewall
- For IP whitelisting, rate limiting, and schema validation
- For response masking
Common Pitfalls to Avoid
| Mistake | Better Practice |
| Hardcoding secrets | Use Named Credentials / Custom Metadata |
| Using SELECT * | Fetch only needed fields |
| Logging raw payloads | Sanitize logs, mask sensitive data |
| Over-permissioned integration user | Use a minimal profile with least privilege |
Summary
| Area | Practice |
| Authentication | OAuth 2.0 + Named Credentials |
| Authorization | FLS/CRUD checks, Sharing Rules |
| Data minimization | Query only needed fields |
| Input | Sanitize/validate all inputs |
| Monitoring | Audit logs, event monitoring |
| Middleware | Optional for firewall, retries, and transformation |