skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
forcedotcom/sf-skills2.4k installs

building-sf-integrations

Salesforce integration architecture and runtime plumbing with 120-point scoring. Use this skill to set up Named Credentials, External Credentials, External Services, REST/SOAP callout patterns, Platform Events, and Change Data Capture. TRIGGER when: user sets up Named Credentials, External Services, REST/SOAP callouts, Platform Events, CDC, or touches .namedCredential-meta.xml files. DO NOT TRIGGER when: Connected App/OAuth config (use configuring-connected-apps), Apex-only logic (use generating-apex), data import/export (use handling-sf-data), or CDC channel-membership metadata such as PlatformEventChannel, PlatformEventChannelMember, or EnrichedField (use managing-cdc-enablement).

How do I install this agent skill?

npx skills add https://github.com/forcedotcom/sf-skills --skill building-sf-integrations
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill provides a comprehensive toolkit for building secure Salesforce integrations, promoting platform best practices such as Named Credentials and offering automation scripts for secure configuration.

  • Socketpass

    No alerts

  • Snykwarn

    Risk: MEDIUM · 1 issue

What does this agent skill do?

building-sf-integrations: Salesforce Integration Patterns Expert

Use this skill when the user needs integration architecture and runtime plumbing: Named Credentials, External Credentials, External Services, REST/SOAP callout patterns, Platform Events, CDC, and event-driven integration design.

When This Skill Owns the Task

Use building-sf-integrations when the work involves:

  • .namedCredential-meta.xml or External Credential metadata
  • outbound REST/SOAP callouts
  • External Service registration from OpenAPI specs
  • Platform Events, CDC, and event-driven architecture
  • choosing sync vs async integration patterns

Delegate elsewhere when the user is:


Required Context to Gather First

Ask for or infer:

  • integration style: outbound callout, inbound event, External Service, CDC, platform event
  • auth method
  • sync vs async requirement
  • system endpoint / spec details
  • rate limits, retry expectations, and failure tolerance
  • whether this is net-new design or repair of an existing integration

Recommended Workflow

1. Choose the integration pattern

NeedDefault pattern
authenticated outbound API callNamed Credential / External Credential + Apex or Flow
spec-driven API clientExternal Service
trigger-originated calloutasync callout pattern
decoupled event publishingPlatform Events
change-stream consumptionCDC

2. Choose the auth model

Prefer secure runtime-managed auth:

  • Named Credentials / External Credentials
  • OAuth or JWT via the right credential model
  • no hardcoded secrets in code

3. Generate from the right templates

Use the provided assets under:

  • assets/named-credentials/
  • assets/external-credentials/
  • assets/external-services/
  • assets/callouts/
  • assets/platform-events/
  • assets/cdc/
  • assets/soap/

4. Validate operational safety

Check:

  • timeout and retry handling
  • async strategy for trigger-originated work
  • logging / observability
  • event retention and subscriber implications

5. Hand off deployment or implementation details

Use:


High-Signal Rules

  • never hardcode credentials
  • do not do synchronous callouts from triggers
  • define timeout behavior explicitly
  • plan retries for transient failures
  • use middleware / event-driven patterns when outbound volume is high
  • prefer External Credentials architecture for new development when supported

Common anti-patterns:

  • sync trigger callouts
  • no retry or dead-letter strategy
  • no request/response logging
  • mixing auth setup responsibilities with runtime integration design

Output Format

When finishing, report in this order:

  1. Integration pattern chosen
  2. Auth model chosen
  3. Files created or updated
  4. Operational safeguards
  5. Deployment / testing next step

Suggested shape:

Integration: <summary>
Pattern: <named credential / external service / event / cdc / callout>
Files: <paths>
Safety: <timeouts, retries, async, logging>
Next step: <deploy, register, test, or implement>

Cross-Skill Integration

NeedDelegate toReason
OAuth app setupconfiguring-connected-appsconsumer key / cert / app config
advanced callout service codegenerating-apexApex implementation
declarative HTTP callout / Flow wrappergenerating-flowFlow orchestration
deploy integration metadatadeploying-metadatavalidation and rollout
use integration from Agentforcedeveloping-agentforceagent action composition

Reference Map

Start here

Event-driven / platform patterns

CLI / automation / scoring

Asset templates

  • assets/named-credentials/ — Named Credential XML templates (OAuth, JWT, Certificate, Custom auth)
  • assets/external-credentials/ — External Credential XML templates (OAuth, JWT)
  • assets/external-services/ — External Service registration template and operations guide
  • assets/callouts/ — REST sync, Queueable, retry handler, and HTTP response handler Apex templates
  • assets/platform-events/ — Platform Event definition, publisher, and subscriber templates
  • assets/cdc/ — CDC handler and subscriber trigger templates
  • assets/soap/ — SOAP callout service template and wsdl2apex guide
  • assets/endpoint-security/ — Remote Site Setting and CSP Trusted Site XML templates

Automation hooks

  • hooks/scripts/suggest_credential_setup.py — auto-suggests credential configuration steps when integration files are detected
  • hooks/scripts/validate_integration.py — validates integration patterns before agent responses

Output Expectations

When this skill completes an integration task, it produces:

  1. Credential metadata — one or more files in assets/named-credentials/ or assets/external-credentials/ filled with org-specific values
  2. Callout Apex class — a .cls file using the Named Credential pattern, with async/sync pattern chosen based on context
  3. Event/CDC artifacts — Platform Event .object-meta.xml, subscriber trigger, or CDC config (when event-driven pattern is chosen)
  4. Endpoint security metadata — Remote Site Setting and/or CSP Trusted Site XML files
  5. Scoring report — 120-point score across 6 categories (Security, Error Handling, Bulkification, Architecture, Best Practices, Documentation)
  6. Next step — a deployment or testing instruction for the generated artifacts

Score Guide

ScoreMeaning
108+strong production-ready integration design
90–107good design with some hardening left
72–89workable but needs architectural review
< 72unsafe / incomplete for deployment

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/forcedotcom/sf-skills/building-sf-integrations">View building-sf-integrations on skillZs</a>