Many customers today manage multiple Salesforce orgs within their enterprise. A common challenge they encounter is making Data Cloud data accessible in orgs where Data Cloud is not enabled. In this post, we’ll cover how to do this using Apex and the Query API.

Data actions, enrichments, and more

Before we dive in, let’s quickly level set on what options are available to you regarding using (or providing) data from Data Cloud in a Salesforce org.

For the org where Data Cloud is enabled, you can directly access that data. This can be via Flow or Reports, SOQL queries in Apex, the ConnectAPI namespace in Apex, or enrichments. Everything is natively available.

When Data Cloud is enabled in another org, the situation is different. The first option would be to push the data to the target org via a data action. These actions are publishing platform events, which could then be consumed in the other org. This is a great solution for driving actions and automation based on data in Data Cloud. However, it doesn’t work for those cases where you need to query from Data Cloud-specific data based on user input in one of those other orgs. But you can do this with Apex.

Authentication setup

Querying data from one Salesforce org to another with Apex is a well-understood challenge that was solved many years ago. And because everything is built on the well-known and trusted foundation, this pattern can now be applied to querying data from Data Cloud using the Data Cloud Connect REST API.

To make this happen, you first have to set up the necessary security and authentication configuration, so that code from your Salesforce org can query the org with Data Cloud. For this, you need to:

• Create a Connected App in your Data Cloud org
• Create an Authentication Provider for the Data Cloud org in your Salesforce org with “Salesforce” as the Provider type
• Create a Named Credential in your Salesforce org
• Configure Remote Site Settings in your Salesforce org by setting the Remote Site URL field with your Data Cloud org domain URL

Our previous blog post has more details about our next-gen named credentials, and you should also check out our Ask Me Anything session which is all about them.

Now, back to our use case. Because this is an OAuth-based, org-to-org connection, you have to ensure a few specific settings:

• In the callback URL for your connected app in your Data Cloud org, put your Salesforce org’s My Domain URL plus the Salesforce default OAuth 2.0 callback endpoint. For example, if your Data Cloud org’s domain is my_data_cloud__org, then the callback URL will be https://my_data_cloud__org.my.salesforce.com/services/oauth2/callback
• Make sure that you select the appropriate scopes for Data Cloud, such as Perform ANSI SQL queries on Data Cloud data (cdp_query_api), Manage Data Cloud profile data (cdp_profile_api), Perform requests at any time (refresh_token), and Manage user data via APIs (api)
• Be sure to set up OAuth connected app policies with a permission set

Once you have done this, you can now use the named credential in Apex to authenticate to the Data Cloud org.

HTTP callout with Apex

Querying Data Cloud is done via the Data Cloud Connect REST API, which is represented by the endpoint /services/data/v61.0/ssot/queryv2 of your Data Cloud org. This example uses Query API V2.

The following example represents a utility class that takes an SQL string (yes, SQL, not SOQL) as input, executes the callout for the query, and returns the result.

With this basic framework, you’re now able to implement querying your data in Data Cloud from any other Salesforce org with Apex.

Here is a simple example of how to use the above method:

If you want to try the queries before writing any Apex, check out our Postman Collection with some ready-made examples.

Conclusion

By using next-gen credentials in combination with Apex, you can realize the most complex business cases regarding querying data in a highly flexible and secure way. If you haven’t seen it yet, there’s also a great video from TrailblazerDX that guides you through the benefits of this implementation approach.

Resources

• Data Cloud Connect REST API Reference
• Help Docs: Enable OAuth Settings for API Integration
• Help Docs: Named Credentials as Callout Endpoints
• Video: Build Secure Integrations with Next-Gen Named Credentials

About the authors

Clare Provenzano is an Associate Product Management Intern at Salesforce. You can find her on LinkedIn.

Arastun Efendiyev is a Distinguished Technical Architect at Salesforce. You can find him on LinkedIn.