Salesforce JSON Web Token Configuration

This page contains technically advanced instructions for completing a task in Salesforce. NICE CXone does not own this process. Refer to the Salesforce developer documentation for any additional assistance.

Authentication for the Salesforce API integration with Bot Builder uses the OAuth 2.0 JSON Web Token (JWT) bearer flow. You need to configure this in your Salesforce account prior to setting up the integration.

Complete each of these tasks in the order given.

Create a Private Key and X509 Certificate

To begin, you need to create the certificate. Open or download OpenSSL to complete this task.

  1. Set the OPENSSL_CONF environment variable to C:\openssl\share\openssl.cnf.
  2. Generate an RSA private key using the following command. Set your PASSWORD to be at least four characters. The command outputs your server.pass.key file.
    openssl genrsa -des3 -passout pass:PASSWORD -out server.pass.key 2048
  3. Create a key file from the server.pass.key file. Use the same PASSWORD from the previous step. The command outputs your server.key file. This file is not passphrase-protected, so store it with restricted access.
    openssl rsa -passin pass:PASSWORD -in server.pass.key -out server.key
  4. Generate the certificate signing request (server.csr) using the following command.
    openssl req -new -key server.key -out server.csr
  5. Answer the following questions with your information:
    • Country Name
    • State or Province Name
    • Locality Name (city)
    • Organization Name
    • Organization Unit Name
    • Common Name (this is not required)
    • Email Address
  6. Generate the SSL certificate using the following command.
    openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

Create JSON Web Token (JWT) Connected App

You need the SSL certificate (server.crt) from the previous task before you complete this task.

  1. Log in to Salesforce.
  2. Go to Setup > Apps > App Manager.
  3. Click New Connected App.
  4. In the Basic Information section, enter the Connected App Name, API Name, and Contact Email.
  5. In the API (Enable OAuth Settings) section, select the Enable OAuth Settings checkbox. Selecting it reveals more settings that need to be configured.
  6. In the Callback URL field, you can enter a placeholder such as https://localhost:1717/OauthRedirect. This URL is not needed for JWT.
  7. Select the Use digital signatures checkbox, then click Choose File to upload the certificate (server.crt) you created in the previous task.
  8. Select and Add the following OAuth Scopes to the column on the right:
    • Manage user data via APIs (api)
    • Manage user data via Web browsers (web)
    • Perform requests at any time (refresh_token, offline_access)
  9. Scroll to the bottom of the page and click Save.
  10. In the left navigation, click Manage Connected Apps.
  11. Locate the app you just created.
  12. Verify your identity using your email or identification app, if prompted.
  13. In the API (Enable OAuth Settings) section, copy or make a note of the Consumer Key.

At this point, you can configure the Salesforce API integration in Bot Builder.
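
The following added example (not part of the original page, and not NICE CXone or Salesforce code) shows how the artifacts from the two tasks above fit together: it builds a JWT bearer assertion with the Consumer Key as iss, a Salesforce username as sub, the login URL as aud, and a short exp, signs it with server.key, and checks the signature against server.crt. The function names, the placeholder values, and the audience URL are assumptions; it needs a POSIX shell with openssl on the PATH.

```shell
# Added example. Assumes a POSIX shell with openssl on PATH.
# Function names and all sample values are assumptions, not from the page.

# base64url without padding, as JWT segments require
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# make_assertion KEY CONSUMER_KEY USERNAME AUDIENCE
# Prints header.claims.signature. Values must not contain quotes or backslashes.
make_assertion() {
  local key="$1" iss="$2" sub="$3" aud="$4" exp header claims input sig
  exp=$(( $(date +%s) + 180 ))          # assertion lifetime: 3 minutes
  header=$(printf '{"alg":"RS256"}' | b64url)
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%d}' \
    "$iss" "$sub" "$aud" "$exp" | b64url)
  input="$header.$claims"
  # RSA PKCS#1 v1.5 over SHA-256 is what JWT calls RS256
  sig=$(printf '%s' "$input" | openssl dgst -sha256 -sign "$key" -binary | b64url)
  [ -n "$sig" ] || return 1             # signing failed (wrong or unreadable key)
  printf '%s.%s\n' "$input" "$sig"
}

# verify_assertion CRT JWT
# Returns 0 only if JWT was signed by the private key behind the certificate.
verify_assertion() {
  local crt="$1" jwt="$2" input sig tmp rc
  input=${jwt%.*}; sig=${jwt##*.}
  # restore the base64 padding that base64url drops
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  tmp=$(mktemp -d) || return 1
  printf '%s' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$tmp/sig.bin"
  openssl x509 -in "$crt" -pubkey -noout > "$tmp/pub.pem" 2>/dev/null &&
    printf '%s' "$input" | openssl dgst -sha256 -verify "$tmp/pub.pem" \
      -signature "$tmp/sig.bin" > /dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Usage with the files from this page (placeholders in capitals):
#   jwt=$(make_assertion server.key "CONSUMER_KEY" "USERNAME" "https://login.salesforce.com")
#   verify_assertion server.crt "$jwt" && echo "server.crt matches the signing key"
```

A failed verification before upload means server.crt was not generated from the server.key being used to sign, which Salesforce would reject at token request time.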

Approve the Client App

If you don't approve the client app, you will receive an error.

  1. Log in to Salesforce.
  2. Go to Setup > Apps > Connected Apps > Manage Connected Apps.
  3. Locate your app and click Edit.
  4. Click Permitted Users and select Admin approved users are pre-authorized.
  5. Click Save.
  6. Go to Setup > Manage Users > Profiles.
  7. Select the profile you want to grant access for.