Skip to main content
Salesforce is the most common starting source for Inviolet adopters, because most CRM-shaped agents (sales, support, RevOps) drive the highest volume of LLM tool calls.

Why it matters

Out of the box, a Salesforce-connected agent inherits the user’s full data permission set — including fields the user has access to but should not exfiltrate (deal value to a CSM, etc.). Inviolet narrows each query to the columns declared by the matched purpose.

1. Create a Connected App in Salesforce

Salesforce setup → App Manager → New Connected App.
  • API name: Inviolet Gateway
  • Enable OAuth: yes
  • Callback URL: https://app.inviolet.ai/api/oauth/salesforce/callback
  • Scopes: api, refresh_token, offline_access
Save and copy the Consumer Key and Consumer Secret.

2. Add the data source in Inviolet

App dashboard → Data Sources → Add → Salesforce. Paste:
  • Instance URL (e.g., https://acme.my.salesforce.com)
  • Consumer Key + Consumer Secret
  • A read-only integration user’s username + password (for the observation phase)
Inviolet performs a test query against Account and lists the discovered objects. Confirm.

3. Run a tool call through the gateway

import { InViolet } from "@inviolet/sdk"

const inviolet = new InViolet({ apiKey: process.env.INVIOLET_API_KEY! })

const decision = await inviolet.intent.evaluate({
  userId: "user_2pX9...",
  toolCall: {
    name: "lookup_account",
    arguments: { account_id: "001xx000003DGT2AAO" },
  },
  dataSourceId: "salesforce_prod",
})

if (decision.outcome === "allowed") {
  // proceed with the Salesforce REST query
}

4. Verify

The query pattern map at app.inviolet.ai/data-sources/salesforce_prod updates as tool calls arrive. After 50–100 events, you’ll see which SObject types and fields your agents actually touch — the foundation for declaring a purpose against this source.