Service Cloud Voice Implementation Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Overview
Examples of Common Use Cases
Telephony Integration API
Authorization
Create a Voice Call Record
Update a Voice Call Record
Create a Transcript
Create Transcripts in Bulk
Execute an Omni-Channel Flow
Send a Real-Time Conversation Event
Store a Post-Call Conversation Event
Reroute a Voice Call
Clear Routing
Sample Code
Toolkit API
Connect API
AWS Lambda Functions
Amazon Connect Flows
Amazon CloudWatch Monitoring
Limits and Scaling
PDF

Telephony Integration REST API Authorization

The Telephony Integration REST API requires JWT authorization. Usually, the provisioning process already sets up this authorization for you. This content simply provides instructions in case you must manually set up this authorization.

While creating a contact center instance with the Service Cloud Voice setup flow, a private/public key pair is auto-generated. The private key is stored as a secure string in AWS Systems Manager Parameter Store. The private key can be a 1024-, 2048, or 4096-bit RSA key length. We recommend an RSA key length of 2048.

The public key is stored in the corresponding Salesforce CallCenter record. The private key is used to sign the JWT claim which must be included in the Bearer header for any HTTP request targeting the Service Cloud Voice REST API.

The following prerequisites must be satisfied before you can start the authorization process flow.

  • Sign the JWT using RSA SHA256, which uses an uploaded certificate as the signing secret.

  • Generate an X509 certificate using OpenSSL.

Once you’ve satisfied these prerequisites, set up authorization for this API.

  1. Construct a JWT header with this format: {"alg":"RS256"}.
  2. Base64url encode the JWT header as defined in Base 64 Encoding with URL and Filename Safe Alphabet. For example: eyJhbGciOiJSUzI1NiJ9.
  3. Construct a JSON claims set for the JWT with the following parameters:
    • iss—The issuer is the Salesforce org ID where you set up your contact center and registered the certificate.
    • sub—The subject must contain the “Salesforce Call Center API Name”.
    • aud—The audience identifies the authorization server as an intended audience. The authorization server must verify that it is an intended audience for the token. Use https://scrt.salesforce.com.
    • exp—The expiration time of the assertion within 3 minutes, expressed as the number of seconds from 1970-01-01T0:0:0Z measured in UTC.
    • jwtId—The unique ID for the JWT token.

      Salesforce doesn’t require JWT ID (JTI) claims in your JWT bearer tokens. However, if you pass a JTI claim in your JWT bearer token, Salesforce validates that the JTI claim hasn’t been sent before. This validation prevents JWT replay attacks.

      Note

    Sample JSON claim set for the JWT:

    { 
  "iss": "00DRM000000GuTE", 
  "sub": "HVCC", 
  "aud": "https://scrt.salesforce.com",
  "exp": 1333685628
}
  4. Base64url encode the JWT claims set without any line breaks.
  5. Retrieve the private key stored in the keystore.
  6. Sign the payload using the private key to generate JWT token.
  7. Use the generated JWT token as part of the Authorization header when making the API request.