Superkabe LogoSuperkabe

Salesforce Integration

Connect a production or sandbox Salesforce org via OAuth, import contacts using a list view or SOQL, and write every Superkabe activity to the Task object.

What this integration does

  • Contact import. Pick any Contact list view OR write a SOQL query — Superkabe paginates via REST and creates leads.
  • Activity push. Every Superkabe send/open/click/reply/bounce becomes a Salesforce Task (WhoId = the contact, TaskSubtype = Email, Status = Completed). Tasks render natively on the contact's Activity Timeline.
  • Suppression sync. Contacts with HasOptedOutOfEmail = true are pulled into Superkabe's block list.
  • Production AND sandbox. A radio at connect time picks the OAuth login host (login.salesforce.com vs. test.salesforce.com); Salesforce returns the instance_url Superkabe uses for every subsequent call.

One-time setup (admin)

1. Create a Salesforce Connected App

  1. Sign in to a Salesforce org (production or DE org). Setup → App Manager → New Connected App.
  2. Name it "Superkabe". Add a contact email + logo URL.
  3. Enable OAuth Settings.
  4. Set Callback URL to:
    https://api.superkabe.com/api/integrations/salesforce/callback
  5. Selected OAuth scopes:
    • Manage user data via APIs (api)
    • Perform requests at any time (refresh_token, offline_access)
  6. Save. Salesforce takes ~10 minutes to propagate.
  7. Open the new app — copy Consumer Key and Consumer Secret.
  8. (Recommended) Manage → Edit Policies → Permitted Users: Admin approved users are pre-authorized. Add the profile(s) that should be allowed to connect.

2. Set the env vars

SALESFORCE_CLIENT_ID=…
SALESFORCE_CLIENT_SECRET=…
SALESFORCE_REDIRECT_URI=https://api.superkabe.com/api/integrations/salesforce/callback

Restart the backend. Logs should show [CRM_REGISTRY] registered provider salesforce.

User flow (per customer)

What you'll see during consent: Salesforce displays a security warning on the consent screen for any third-party app that isn't AppExchange-verified — text along the lines of "If someone contacted you via phone or email and instructed you to use this app, do not proceed." This is Salesforce's standard anti-phishing protection (added 2023) — it shows for every legitimate B2B integration on first connect to a new org. Since you arrived at the screen by clicking Connect Salesforce on your own Superkabe dashboard, it's safe to proceed. The warning only appears on the very first authorization; future token refreshes happen server-side without a consent screen. Enterprise admins who want to skip the warning entirely for their org can pre-authorize Superkabe via Profile permissions in Setup.

  1. Connect. Dashboard → Integrations → CRM → Connect Salesforce → choose Production or Sandbox. User is bounced through Salesforce's OAuth screen, approves, lands back with their instance_url persisted.
  2. Import. Manage Import → choose List view (recommended) or Custom SOQL. Map fields, click Start. The worker pages through results via Salesforce's nextRecordsUrl.
  3. Activity push. Every Superkabe event is written as a Task on the matching Contact. Tasks show on the timeline immediately.
  4. Disconnect. Same as HubSpot — tokens wiped, queue cancelled, links retained.

SOQL examples

-- All contacts at companies in your ICP
SELECT Id, Email, FirstName, LastName, Title, Account.Name, Account.Industry
FROM Contact
WHERE Account.Industry IN ('Software', 'Information Technology and Services')
  AND Email != NULL
  AND HasOptedOutOfEmail = false
LIMIT 1000

-- Newly added contacts (last 7 days)
SELECT Id, Email, FirstName, LastName, Title, Account.Name
FROM Contact
WHERE CreatedDate = LAST_N_DAYS:7
  AND Email != NULL
ORDER BY CreatedDate DESC

What gets written to Salesforce

Each Superkabe event becomes a Task with these fields:

Subject:       "Superkabe — Email opened: <subject>"
Description:   <full body + metadata + timestamp>
Status:        Completed
Priority:      Normal
ActivityDate:  YYYY-MM-DD (event occurred_at)
WhoId:         <Contact.Id>
TaskSubtype:   Email

Rate limits, retries, limitations

  • Salesforce REST API call limits are per-org per-24h (varies by tier). The activity-push worker batches imports per tick and respects 503 + Retry-After.
  • Token refresh is automatic on 401 — the instance_url from the refresh response replaces the stored one (covers My Domain migrations).
  • v1 uses REST /query with nextRecordsUrl pagination. Bulk API 2.0 graduates in Phase 4 for imports >25,000 contacts.
  • Custom Object support and AppExchange listing are on the roadmap.
  • Sandbox connections detect their environment from the returned instance_url so refresh always hits the right login host.

Next Steps