Best Methods for Securing API Access Between External Systems, 2FA, Oath2, Etc

Right now I used 2 factor authentication to get into my google mail. I use 2FA to get into my salesforce instance.

I see you use various login providers but it doesn’t look like Salesforce is one of them.

Basically I need my Backendless and Salesforce instances to talk to each other in a secure manner to share confidential information. It would also be nice if employees could have fewer systems to log into if they shared information.

Do you have any recommendations for how to accomplish this goal? I don’t want to have to worry about my connection between Backendless and Salesforce from stopping due to needing to login or something. It would be nice if I could limit access to the Backendless database for admins to people who had gone through 2FA at some point.

Does anybody have recommendations for which third party login providers to use? Is google good for this purpose since I use it already for gmail? Am I barking up the wrong tree?

How about using Zapier or Make(Integrated) to accomplish the integration?

Hi Mark, yes I have Zapier and it works well for certain things. The thing that worries me is how they map fields from salesforce to backendless. It is a very manual process and they don’t keep archives of prior versions to revert. I just don’t want to mismap some data sometime because of the manual intervention in the future when I add a a column or something.

In Salesforce, I have the ability to create and instant trigger that sends data to Zapier. And I think you guys could just as soon take that same data as well. I think I would prefer to just have Backendless take the raw data and then I can define mappings in a table somewhere in Backendless that doesn’t require so much maintenance.

It looked at Integromat (Make) and it doesn’t seem like they have a way to freeze the mapping either.

I foresee using Salesforce as my internal system and master data store but potentially using Backendless as the client experience. Obviously I need to keep the data between Salesforce and Backendless synced and I don’t want something that I can break easily.

Zapier does have a trigger event called “Catch Raw Hook” that doesn’t parse anything. Perhaps another option would be to pass that to Backendless somehow and just use Zapier…not sure.

Without Zapier, you’d need to figure out how to channel the data from Salesforce into Backendles. This will require custom programming (Codeless or otherwise).

With Zapier, the problem with “mismapping” would have to be managed by a QA process. Whenever a change is made, you’d need to make sure it properly works before applying it to a production environment.

Regards,
Mark