Create an OAuth Client for Salesforce Service Cloud Voice

AI-generated summary

Genesys Cloud's integration with Salesforce Service Cloud Voice facilitates secure API authorization through OAuth client creation and token generation. The system supports two primary authentication methods: Token Implicit Grant for client-side applications and Code Authorization/PKCE for enhanced server-side security. OAuth configuration requires specific parameters including app name, token expiration settings (300-172800 seconds), and authorized redirect URIs formatted as Salesforce org URIs. Essential authorization scopes encompass multiple permissions including conversations, messaging, notifications, presence, response-management, routing, upload, users, and webdeployments with readonly access. The integration process involves generating Client ID and Client Secret tokens, configuring PKCE setup through Salesforce's App Launcher, and establishing proper redirect URI connections. This comprehensive setup enables seamless data access and functionality between Genesys Cloud and Salesforce Service Cloud platforms while maintaining robust security protocols.

Series: Set up CX Cloud, Digital and AI for Salesforce Service Cloud Voice

Previous suggested step: Create an OAuth Client for Salesforce Service Cloud Voice

PrerequisitesClick to expand

To allow the Lightning app in Salesforce Service Cloud Voice to receive a token, create an OAuth client. The token allows the app to make requests to the Genesys Cloud API and represents the user’s permissions for the app to access Genesys Cloud data. The app uses tokens when requests to API endpoints require authorization.

Click Admin.
Under Integrations, click OAuth.
Click Menu > IT and Integrations > OAuth.
Click Add client. The Client Details tab appears.
Set App Name to a descriptive name of the app. This name appears when someone authorizes this OAuth client.
(Optional) In the Description box, type a brief description of the app.
Next, set the duration of time until tokens created with this client expire. Accept the default duration, or enter a value between 300 and 172800 seconds. This sets the lifetime of the token to a maximum of two days or less.
In the Grant Types field, select one of the following types for the grant. Grant Types set the way that an application obtains an access token:
- Token Implicit Grant: A single-step authentication process where a user authenticates with Genesys Cloud and the client application directly receives an access token. This option provides less security for the access token than the authorization code grant, but is ideal for client-side browser applications (for example, JavaScript) and most desktop applications (for example, .NET WPF/WinForms or Java desktop programs).
- Code Authorization/PKCE: A two-step authentication process where a user authenticates with Genesys Cloud and the client application is then returned an authorization code. The client application provides OAuth client credentials and uses the authorization code to get an access token. The access token can then be used when making authenticated API calls. This option is the most secure and ideal for websites where:
  - API requests are made on the server-side (for example, ASP.NET or PHP).
  - A thin client in some desktop applications authorizes the user and passes the auth code to a back-end server to exchange it for an auth token and make API requests.
In the Authorised redirect URIs box, enter your Salesforce Service cloud URI for the OAuth configuration depending on the type of grant selected.
- Token Implicit Grant – Your Salesforce URI format is: https://xxxx.lightning.force.com/lightning/page/home, where xxxx is the name of your Salesforce org.
  Note: If the Use Pop-up Authentication is set to Yes in the CX Cloud, Digital and AI utility, then the redirect URL uses the static resources in /resource/genesysps__genesysAuthCallback. The URL format is: https://xxxx.lightning.force.com/resource/genesysps__genesysAuthCallback.
- PKCE – The URL format is: https://xxxx.lightning.force.com/resource/genesysps__genesysPKCEAuthCallback, where xxxx is the name of your Salesforce org. You can also get the URI using the GC Digital and AI Integration setup app. For more information, see Get Authorized redirect URI.
Click the Scope box and then add the following list of scopes to your app:
- authorization:readonly
- conversations
- messaging:readonly
- notifications
- presence
- response-management:readonly
- routing:readonly
- upload
- users:readonly
- webdeployments:readonly
Click Save. Genesys Cloud creates a Client ID and a Client Secret (token).

CX Cloud setup for PKCE

To get the URI, create the OAuth client and have the client Id ready.

To get the Authorized redirect URI:

On the Setup Home page in Salesforce, click the App Launcher icon.
Search for GC Digital and AI Integration Setup in the Search apps and items box and select the item.
Enter the following details in the Settings tab of the CX Cloud, Genesys Digital and AI for Salesforce Service Cloud Configuration:
- Genesys Cloud Region
- Genesys Cloud PKCE Grant Client Id
Click Validate and then Save.

Copy the Authorized redirect URI for later use and add it to the OAuth Client configuration for PKCE.

[NEXT] Was this article helpful?

Get user feedback about articles.

Create an OAuth Client for Salesforce Service Cloud Voice View summary

Series: Set up CX Cloud, Digital and AI for Salesforce Service Cloud Voice

CX Cloud setup for PKCE

[NEXT] Was this article helpful?

Create an OAuth Client for Salesforce Service Cloud Voice