Authorization

Follow this guide to create a new Salesforce Marketing Cloud credential that will allow Nexla to authenticate to and exchange data with your Salesforce Marketing Cloud account.

Salesforce Marketing Cloud

Prerequisites

Before creating a Salesforce Marketing Cloud credential, you need to obtain your OAuth2 Client ID, Client Secret, and Marketing Cloud subdomain from your Salesforce Marketing Cloud account. Salesforce Marketing Cloud uses OAuth2 2-legged authentication (Server-to-Server OAuth), which allows Nexla to access your account using client credentials without user interaction.

To obtain your Salesforce Marketing Cloud OAuth2 credentials, follow these steps:

1. Sign in to your Salesforce Marketing Cloud account using your administrator credentials.

2. Navigate to Setup in your Marketing Cloud account by clicking the gear icon in the top right corner and selecting Setup.

3. In the Setup menu, navigate to Platform Tools > Apps > Installed Packages or use the Quick Find box to search for Installed Packages.

4. Click New to create a new installed package for API integration.

5. Configure your installed package settings:

   • Enter a name for the package (e.g., "Nexla Integration")
   • Select Server-to-Server (Legacy) or Server-to-Server as the integration type

6. Click Save to create the installed package.

7. After saving, navigate to the Components tab of your installed package.

8. Click Add Component and select API Integration.

9. Configure your API integration settings:

   • Enter a name for the API integration (e.g., "Nexla API Integration")
   • Review and select the permissions or scopes for the integration (if applicable)

10. Click Save to create the API integration.

11. Your Client ID (App Key) will be displayed immediately after creation. Copy the Client ID.

12. Your Client Secret (App Secret) will be displayed immediately after creation. Copy the Client Secret immediately, as it may not be accessible again after you navigate away from the page.

13. Navigate to your Marketing Cloud account settings to find your Marketing Cloud subdomain. Your subdomain is represented by a 28-character string starting with the letters mc. You can locate your tenant endpoints which contain your subdomain, or find it in your account settings. Copy the subdomain.

14. Store all credentials securely, as you will need them to configure your Nexla credential. The Client ID, Client Secret, and subdomain are sensitive information and should be kept confidential.

The Client ID and Client Secret are used to authenticate with the Salesforce Marketing Cloud API authentication endpoint (/v2/token) to obtain an access token. The access token is then sent in the Authorization header with the Bearer prefix for all subsequent API requests to the Salesforce Marketing Cloud API. The subdomain is used to construct the authentication and API URLs. The access token is automatically obtained and refreshed by Nexla as needed. If your credentials are compromised, you should immediately revoke them in your Salesforce Marketing Cloud account settings and generate new ones. For detailed information about Salesforce Marketing Cloud OAuth2 authentication, API access, and available endpoints, refer to the Salesforce Marketing Cloud API documentation.

Create a Salesforce Marketing Cloud Credential

• To create a new Salesforce Marketing Cloud credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – Salesforce Marketing Cloud

Credential Name & Description

1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

   Resource descriptions are recommended but are not required. They should be used provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

Server-to-Server OAuth Authentication

Salesforce Marketing Cloud uses Server-to-Server OAuth2 2-legged authentication for all API requests. Your Marketing Cloud subdomain, Client ID, and Client Secret are used to authenticate with the Salesforce Marketing Cloud API authentication endpoint to obtain an access token, which is then used for all subsequent API requests.

2. Enter your Marketing Cloud subdomain in the Marketing Cloud Subdomain field. This should be your Marketing Cloud subdomain, which is represented by a 28-character string starting with the letters mc. Locate your tenant endpoints which contain your subdomain, or find it in your Marketing Cloud account settings. The subdomain is used to construct the authentication and API URLs.

3. Enter your Salesforce Marketing Cloud Client ID in the Marketing Cloud Client ID field. This is the Client ID (first part of the Client Credentials App Key pair) you obtained from your Marketing Cloud account when creating an API Integration (Setup > Installed Packages > Your Package > Components > API Integration). The Client ID is used along with the Client Secret to authenticate with the Salesforce Marketing Cloud API authentication endpoint and obtain an access token.

4. Enter your Salesforce Marketing Cloud Client Secret in the Client Secret field. This is the Client Secret (second part of the Client Credentials App Key pair) you obtained from your Marketing Cloud account. The Client Secret is used along with the Client ID to authenticate with the Salesforce Marketing Cloud API authentication endpoint and obtain an access token. The Client Secret is sensitive information and must be kept confidential.

   Your Salesforce Marketing Cloud OAuth2 credentials can be found in your Marketing Cloud account under Setup > Installed Packages > Your Package > Components > API Integration. The Client ID and Client Secret are used to authenticate with the Salesforce Marketing Cloud API authentication endpoint (/v2/token) to obtain an access token. The access token is then automatically sent in the Authorization: Bearer {token} header for all subsequent API requests to the Salesforce Marketing Cloud API.

   The access token is automatically obtained and refreshed by Nexla as needed. If your credentials are compromised, you should immediately revoke them in your Marketing Cloud account settings and generate new ones. The Client ID, Client Secret, and subdomain provide access to your Marketing Cloud account data and should be treated as sensitive information. Keep your credentials secure and do not share them publicly.

   For detailed information about Salesforce Marketing Cloud OAuth2 authentication, API access, and available endpoints, see the Salesforce Marketing Cloud API documentation and Request Token documentation.

Save the Credential

1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.