Create an Authenticated Server-to-Server Connection

To set up a server-to-server web connection, create an external client app, add the connector in Data 360, and create a data stream for the data. Use a server-to-server connector when your server already collects engagement data that you want to forward to Data 360 or when you require an authenticated connection to Data 360.

To configure OAuth for the external client app you will use in your server-to-server connection, create a private/public RSA key pair and a digital x509 certificate.

Important: If you already have an external client app that you want to use, ensure that you have the private/public RSA key pair you used to create the x509 certificate for that app, as you need them to enable OAuth in a subsequent step.

  1. From your terminal, change directories to any folder.
  2. Create the private/public key pair.
  3. Create a digital certificate from the key pair.
  4. Complete the questions as prompted.
  5. Create a pkcs8 private key from the key pair.
  6. Keep the private/public key pair and the digital x509 certificate, as you need them in the following task.

You must configure an external client app to send data into Data 360 using a server-to-server connection.

  1. In the Setup’s Quick Find, search for "External Client App Manager".
  2. Select New External Client App and set the required basic information values.
  3. Select Enable OAuth under the API (Enable OAuth Settings) dropdown.
  4. Enter the callback URL (endpoint) that Salesforce calls back to your application during OAuth. It’s the same as the OAuth redirect URI.
  5. Set these OAuth scopes:
    • Manage user data via APIs (api)
    • Perform requests at any time (refresh_token, offline_access)
    • Manage Data 360 Ingestion API data (cdp_ingest_api)
  6. To use JWT OAuth Flow, select Enable JWT Bearer Flow under Flow Enablement.
  7. Click Choose File, and select the certificate (.crt file) you created in Create a Private/Public Key Pair and Certificate.
  8. Clear the selection for Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows.
  9. Click Create.
  10. On the Policies page, click Edit.
  11. Change Permitted Users policies to All users may self-authorize.
  12. Change IP Relaxation to Relax IP restrictions.
  13. Click Save.
  14. Under the Settings menu, open the OAuth Settings dropdown and note the Callback URL set on creation and Consumer Key by following the link.

Using the Consumer Key and Callback URL created in Enable OAuth settings for the API integration, paste the following URL into your browser using the noted values:

You can create a secure server-to-server connection between your website source and Data 360 to programmatically capture and ingest data.

  1. In Salesforce, go to Setup, and then select Data Cloud Setup.

  2. Click Web & Mobile SDK, and then click New.

  3. Enter the app name, and for connector type, select Server to Server. If needed, you can later edit the app name.

  4. To select a JSON Event Type schema file from your computer, in the Schema section, click Upload Files.

  5. Preview the schema and verify your Event Category, Field data types, Primary Key, and whether a field is marked as required.

  6. Confirm that all events and fields are populated accordingly and save your work.

  7. After your schema is uploaded, compare it with your JSON schema file for accuracy.

    • To change your schema at any point, click Update Schema. You can only add events or fields; the schema must retain all previous events and fields
    • To update your schema, click Yes, Update or to view the full schema you uploaded, click View Full Schema.

  8. In the integration section, copy the system-generated Source ID. You need this to make server-to-server requests as the {appSourceId}.

Create a data stream to begin the flow of engagement and profile data in real time from your server to Data 360. Data streams refresh engagement data every 15 minutes and profile data every hour from the data stream.

  1. In Data Cloud, navigate to the Data Streams tab.

  2. Click New.

  3. Select Server to Server.

    If you don’t see the data source that you want, confirm that your Data Cloud architect uploaded the JSON schema for that application.

  4. Click Next.

  5. Select the events to include in the data stream and click Next. The events are pulled from the JSON schema uploaded in Setup.

  6. Review the list of selected events, their associated fields, and how the data source objects are mapped to the data model objects.

  7. Click Next.

    A separate data stream is created for each event with category = "Profile". A single data stream is created for all events with category = "Engagement".

  8. If you have more than one data space, select the data space for this data stream using the Data Space dropdown menu.

  9. To create the data stream, click Deploy.