Create an Authenticated Server-to-Server Connection

To set up a server-to-server web connection, you need to create a connected app, add the connector in Data Cloud, and create a data stream for the data. Use a server-to-server connector when your server already collects engagement data that you want to forward to Data Cloud or when you require an authenticated connection to Data Cloud.

To configure OAuth for the connected app you will use in your server-to-server connection, create a private/public RSA key pair and a digital x509 certificate.

Important: If you already have a connected app that you want to use, ensure that you have the private/public RSA key pair you used to create the x509 certificate for that app, as you need them to enable OAuth in a subsequent step.

  1. From your terminal, change directories to any folder.
  2. Create the private/public key pair.
  3. Create a digital certificate from the key pair.
  4. Complete the questions as prompted.
  5. Create a pkcs8 private key from the key pair.
  6. Keep the private/public key pair and the digital x509 certificate, as you need them in the following task.

You must configure a connected app to send data into Data Cloud using a server-to-server connection.

  1. In the Setup’s Quick Find, search for "App Manager".
  2. Select New Connected App and set the required connection values.
  3. Select Enable OAuth settings.
  4. To use JWT OAuth Flow, select Use Digital Signatures.
  5. Enter the callback URL (endpoint) that Salesforce calls back to your application during OAuth. It’s the same as the OAuth redirect URI.
  6. Click Choose File, and select the certificate (.crt file) you created in Create a Private/Public Key Pair and Certificate.
  7. Set these OAuth scopes:
    • Manage user data via APIs (api)
    • Perform requests at any time (refresh_token, offline_access)
    • Manage Data Cloud Ingestion API data (cdp_ingest_api)
  8. Clear the selection for Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows.
  9. Note the Consumer Key and Callback URL.
  10. Select Edit Policies.
  11. Change IP Relaxation to Relax IP restrictions.
  12. Change Permitted Users policies to All users may self-authorize.
  13. Click Save.

Using the Consumer Key and Callback URL created in Enable OAuth settings for the API integration, paste the following URL into your browser using the noted values:

You can create a secure server-to-server connection between your website source and Data Cloud to programmatically capture and ingest data.

  1. In Salesforce, go to Setup, and then select Data Cloud Setup.

  2. Click Web & Mobile SDK, and then click New.

  3. Enter the app name, and for connector type, select Server to Server. If needed, you can later edit the app name.

  4. To select a JSON Event Type schema file from your computer, in the Schema section, click Upload Files.

  5. Preview the schema and verify your Event Category, Field data types, Primary Key, and whether a field is marked as required.

  6. Confirm that all events and fields are populated accordingly and save your work.

  7. After your schema is uploaded, compare it with your JSON schema file for accuracy.

    • To change your schema at any point, click Update Schema. You can only add events or fields; the schema must retain all previous events and fields
    • To update your schema, click Yes, Update or to view the full schema you uploaded, click View Full Schema.

  8. In the integration section, copy the system-generated Source ID. You need this to make server-to-server requests as the {appSourceId}.

Create a data stream to begin the flow of engagement and profile data in real time from your server to Data Cloud. Data streams refresh engagement data every 15 minutes and profile data every hour from the data stream.

  1. In Data Cloud, navigate to the Data Streams tab.

  2. Click New.

  3. Select Server to Server.

    If you don’t see the data source that you want, confirm whether your Data Cloud administrator uploaded the JSON schema for that application.

  4. Click Next.

  5. Select the events to include in the data stream and click Next. The events are pulled from the JSON schema uploaded in Setup.

  6. Review the list of selected events, their associated fields, and how the data source objects are mapped to the data model objects.

  7. Click Next.

    A separate data stream is created for each event with category = "Profile". A single data stream is created for all events with category = "Engagement".

  8. If you have more than one data space, select the data space for this data stream using the Data Space dropdown menu.

  9. To create the data stream, click Deploy.