About Adam Erstelle

Adam Erstelle is a Solution Engineer & Product Development Lead with Sercante. He loves learning about and solving really interesting challenges with Pardot and Salesforce often by building some cool tools.

Pardot Protected Campaign Member Statuses Solution

Get a solution for Protected Campaign Member Statuses in Pardot and step-by-step instructions for installation.

We go through all the effort of setting up beautiful Salesforce Campaigns, naming standards and maybe even a hierarchy. The next challenge in completing your beautiful work of campaign art is getting a hold on your Campaign Member Statuses for each campaign.

When a new Salesforce Campaign is created, many people aren’t just happy with the two default statuses of Sent and Responded. This prompts them to create what they think makes the most sense. Though as time goes on and as reporting starts to be needed, everyone making their own Campaign Member Statuses can be a nightmare that prevents you from getting meaningful and actionable intelligence. It would be really nice to take the guesswork out of status reporting and have a standard set of Campaign Member Statuses everyone uses consistently.

Jenna Molby posted a fantastic solution that enables you to automatically create the right Statuses on Campaign creation.

The automation here is good, though as you increase the number of Types the Flow could become a bit unwieldy.

Another thing that could be a problem comes later when other people might make changes to your carefully crafted structure. What happens if someone edits or even removes these statuses?

Install Protected Campaign Member Statuses

Protected Campaign Member Statuses is a free solution you can install and easily configure to solve this problem. It allows you to:

  1. Define the Campaign Member Statuses that should always be present on given Campaign Types.
  2. Restore the Protected Statuses on Active Campaigns should someone make changes.
  3. Create additional Statuses for specific reasons.
  4. Override by authorized users on a per-Campaign basis.

I don’t want the details, just let me install it

(Don’t worry. Keep reading to learn exactly what’s going on inside.)

We have an Unlocked Package you can install that sets up the application.

Get Started

Once installed, you need to define your Protected Statuses. This is done with Custom Metadata Types.

  1. Login to Salesforce Lightning, and go to Setup.
  2. Navigate to Custom Metadata Types, and click Manage Records for Protected Campaign Status.
    Pardot Protected Campaign Member Statuses
  3. To create your first ones, click New
    Pardot Protected Campaign Member Statuses
  4. Fill in the various fields.
    • Label: Used in the List of Campaign Statuses in the Setup view in step 3 above. Recommended convention:  TYPE-STATUS
    • Name: This is an API name that can be used by developers. Not required by this package. Recommended: let this autofill after you type in the Label.
    • Campaign Type: This is the actual value for the Campaign’s Type field.
    • Protected Status: This is the Status value that will become protected.
    • Is Default: Select this if this Status should be the default (please pick only 1 per Type).
    • Is Responded: Select this if this Status should be marked as Responded.
    • When complete, your screen may look something like this:
      Pardot Protected Campaign Member Statuses
  5. Click Save (or Save & New) and repeat a whole bunch.
  6. Lastly, time to set up a scheduled job to restore deleted protected statuses.
  7. Back in Setup, go to Apex Classes and click Schedule Apex.
    Pardot Protected Campaign Member Statuses
  8. Fill in the few fields.
    • Job Name: give this a nice descriptive name so you remember what it is in 3 months.
    • Apex Class: SL_ProtectedCampaignStatusJob
    • Frequency: set this to what works for you. We recommend running this daily during off-peak hours.
    • Start: today
    • End: some time in the distant future
    • Preferred Start Time: off peak hours
    • When complete, your screen may look something like this:
      Pardot Protected Campaign Member Statuses

You are good to go once you have provided your statuses. Give it a whirl by creating a new Campaign with the Type you have set up. Then take a look at the statuses already created.

Campaigns with Types not already set up will keep the default two statuses that Salesforce creates.

That’s cool. What’s behind the curtain?

To accomplish this, we leverage a few cool tools available to us:

  • Custom Metadata Types: Allows the Protected Statuses to be treated like normal Salesforce metadata and can be deployed around like any other metadata (changesets, insert devops tool here)
  • Campaign Custom Field: Has_Protected_Campaign_Member_Statuses__c is automatically checked by the solution if a Campaign is created and there are Custom Metadata Type records that specify this Campaign’s Type. It is also what allows the rest of the code to keep the statuses intact. You can clear the checkbox for this field to make changes to the statuses if you need to. However, you can’t enable protection afterwards.
  • Change Data Capture: We turn this on for CampaignMemberStatus so we can detect edits to statuses and then fix the records after-the-fact. Sadly we can’t (yet?) put any triggers on CampaignMemberStatus (which would have been ideal).
  • Triggers: yea these have been around for a while and are quite handy. We use them to kick off the automation that we’ve built when a Campaign is created. We also use them to watch for Campaign Member Status edits (through the ChangeEvents from Change Data Capture) so we can set things right afterwardsd.

If you want even more details, check out the Github project where you can see all the inner workings of what is going on.

Further Reading

Here are some resources you can use to learn more about Salesforce Campaigns and how they work in Pardot:

The post Pardot Protected Campaign Member Statuses Solution appeared first on The Spot For Pardot.

By |2021-07-16T18:27:52+00:00July 16th, 2021|Categories: Campaigns, Data Management|

Getting a List of Pardot Business Units For Your App – Programmatically

As our Pardot integrations are coping and adjusting to using the Pardot API with Salesforce SSO users, one of the new requirements is to provide the Pardot Business Unit ID in each API request. It is easy for Salesforce Administrators to get the ID, but what if we could do this with code? 

Right now, most Apps are directing Salesforce Administrators to grab the Pardot Business Unit ID  by going through these simple steps:

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to Pardot Setup Home under Platform Tools > Pardot
  3. Next, click Assign Admin

4. On this page, you will see your Business Unit Id. Note: some people might have many Business Units!

Currently, this step can leave room for configuration errors. So now that we know how to ask for a Business Unit ID, let’s look at how  we can do this with code?  Well as you might have noticed, the Business Unit ID is a Salesforce record Id, and after a little discovery we learned that the Salesforce object name is PardotTenant.

Working with PardotTenant – REST API

Disclaimer: at the time of writing, PardotTenant is not documented and the Metadata Coverage Report shows basically nothing is supported.

That’s ok, as developers we are used to wanting documentation right! So let’s use Salesforce’s standard functionality to learn as much as we can.  For this exploring, we will be using the Workbench: REST Explorer.

Once you are logged in, we will use a GET request with the following path: /services/data/v50.0/sobjects/PardotTenant/describe

Here’s a breakdown of what we think the key fields are and what we can use:

  • Id: The Business Unit Id that is used for the API
  • PardotTenantName: The Business Unit Name that we see beside the ID in Setup.
  • PardotTenantAccountType: We’ve seen Production and Demo as values, could be used to determine which Pardot URL to use for the API
  • PardotTenantId: The Pardot Account ID that you see in Account Information in Pardot’s Settings page.

Now that we know what the fields are and what may be of use to us (for the application we are working on right?), we can use a new REST call to get the list of PardotTenants with the following path: /services/data/v50.0/query?q=SELECT+Id,+PardotTenantName,+PardotTenantAccountType,+PardotTenantId+FROM+PardotTenant

Great, we know what REST calls need to be made and the format of the response. The tricky part is getting our Connected App to be correctly configured to enable us to get the information we need.

There are 2 key things that you need to be able to use the Salesforce REST API and get a list of Pardot Business Units.

  1. A Connected App which includes the API scope.
  2. A Salesforce User with at least a Platform license.

Needing at least a platform license is where things can get tricky.  Normally for working with the Pardot API, a User with the Identity License (along with the Connected App) is good enough.  Identity Licenses don’t provide access to most of the Pardot objects, PardotTenant included.

Troubleshooting REST Errors

This is pretty tricky, and even just writing this post I came across a few errors.

Session is not valid

[{"message": "This session is not valid for use with the REST API", "errorCode": "INVALID_SESSION_ID"}]

You will get this error if your Connected App is missing the API scope, even if your Salesforce User can see the PardotTenant object.  Simply edit your Connected App, add the API scope, wait a few minutes and then try again.

Invalid Type or The Requested Resource Does Not Exist

There could be 2 causes for you getting one of these 2 errors.

The first is that the Salesforce Org you are connecting to just might not have Pardot setup. Pretty easy to check why.

The next (that I’m not 100% sure why yet) seems to be when I used an Access Token that I received from a Username/Password Oauth authentication request, but when I issued a JWT Bearer flow authentication request this worked fine.  For production-level code, it’s best to not use Username/Password flows anyways, but during experimentation this might cause a small issue.

Working with PardotTenant – APEX

This is pretty simple, we can use a plain old SOQL statement to retrieve the information we need.

List<PardotTenant> pardotTenants = [
        SELECT Id, PardotTenantName, PardotTenantAccountType, PardotTenantId
        FROM PardotTenant
        WHERE IsDeleted = false];

However, if you are working on a Managed Package, you might get a lot of packaging complaints about PardotTenant not being available to you. In that case, you can do something a little more dynamic:

public List<PardotTenantDto> getBusinessUnits() {
        List<sObject> pardotTenants = Database.query(
                'SELECT Id, PardotTenantName FROM PardotTenant WHERE IsDeleted = false');

        List<PardotTenantDto> businessUnits = new List<PardotTenantDto>();
        for(sObject pardotTenant : pardotTenants) {
            businessUnits.add(new PardotTenantDto(
                    (String)pardotTenant.get('Id'),
                    (String)pardotTenant.get('PardotTenantName')
            ));
        }
        return businessUnits;
    }

Conclusion

Depending on your app, it might provide a better user experience to allow users setting up their Pardot connection to select from a list of Pardot Business Units, in order to help reduce the chance of configuration errors. Exploring the PardotTenant object might be a great way to get you to being able to do this. Have questions or need help exploring if this is the right path for your app? We would love to help. Reach out or shoot a question in the comments.

The post Getting a List of Pardot Business Units For Your App – Programmatically appeared first on The Spot For Pardot.

By |2021-03-08T18:29:51+00:00March 8th, 2021|Categories: Integration, Pardot SSO Update|

Pardot API and Getting Ready with Salesforce SSO Users Part 3A: Connecting to Pardot API from APEX

The Pardot User-Migration deadline is fast approaching. There is a lot of guidance on setting up our human users for success, but what about our code? Currently, there is a lack of specifics available on how to make changes to custom code & scripts that talk to the Pardot API. So we wrote this guide specifically for connecting Pardot API from APEX

Also See Part 3B: Connecting to Pardot API from Custom Code.

We’ve come across our fair share of APEX code written in Salesforce that works with the Pardot API, and in the past it was fairly simple to set up. Just get the username, password and API key of the Pardot User, copy some APEX code examples and you were ready to go.  Now that we need to authenticate through Salesforce SSO, we’ve taken the time to detail out what you need to set up. Hang on, as there’s a lot to do. In summary we will:

  1. Create a new User for this integration
  2. Create a Salesforce Self-Signed Certificate
  3. Create a Connected App, allowing our User to be pre-authorized
  4. Create a Named Credential
  5. Write some Basic APEX that demonstrates this all working

Step 1: Create a new User

It is our recommended advice that each integration has its own user. For this Pardot integration, a Salesforce User (with an Identity License profile) linked to a Pardot SSO User should be sufficient.

In Salesforce, create a new user, commonly using the Identity Profile.

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to Users under Administration > Users, click on New User
  3. Use the following values (or use whatever makes sense for you)
    1. First Name: Pardot
    2. Last Name: APEX
    3. Alias: pdotapex
    4. Email: use an email address you have access to
    5. Username: create a username that uniquely identifies this integration
    6. User License: Identity
  4. When complete, the section should look like this
  5. Using the Salesforce activation email, be sure to login, which will ask you to set a password and recovery options. Save this info somewhere.
  6. If you are using User Sync, complete one more step: in Salesforce Setup navigate to Pardot Setup > Account Setup > Manage Users. Edit User Assignments and make sure your new user is Selected (or is added as a member of a selected group or role).

In Pardot, create a new user (skip step 1 if you are not using User Sync): 

  1. If you are using User Sync, update the profile and role mapping to make sure the Salesforce profile (e.g. Identity User) is mapped to a Pardot Role that matches the abilities you want your API integration to have.
  2. Navigate to the Users page in Pardot by navigating to Admin (Pardot Settings in the Lightning app), and then User Management | Users.
  3. Click the +Add User button and complete the required information, using the same values (where possible) that you used when creating the Salesforce User
  4. In the CRM Username dropdown menu, select the new API integration User you created in Salesforce.
  5. When complete, the section should look like this
  6. After saving the new User record, click the “Enable Salesforce single sign-on” link. (If you have already enabled User Sync for this user/profile, this will be completed automatically.)

A Permission Set is what will enable our User to connect via the Connected App without needing to manually authorize it.

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to Permission Sets under Administration > Users, click on New
  3. Use the following values (or use whatever makes sense for you)
    1. Label: Pardot API Access
    2. API Name: let it auto populate
    3. Description: Grants access to Pardot via API. No permissions specified
    4. Click Save
  4. Add the new Permission Set to the User created/chosen above
    1. When viewing the Permission Set, click Manage Assignments
    2. Click Add Assignments, and select the correct User

Step 2: Create a Salesforce Self-Signed Certificate

Certificates are actually composed of 2 pieces: a private key (often called just a key) and a public key (often called just a cert/certificate). For our purposes, the private key is used to “prove” that it is actually your code that is trying to login, and is the reason that passwords and security tokens are not required. For our purposes, the public key is used to verify that the correct (authorized) process is trying to access Salesforce.

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to Certificate and Key Management under Security, click Create Self-Signed Certificate
  3. Use the following values (or use whatever makes sense for you)
    1. Label: Pardot Integration Certificate
    2. Unique Name: let it auto populate
    3. Key Size: Leave it as the default value
  4. When complete, the section should look like this:
  5. Save the Certificate
  6. Once saved, click the Download Certificate button, as  you will need it when setting up the Connected App later on.

It is important to note that this certificate is only going to be valid for 1 year. You can create a longer-lived certificate, but you will have to import it from a Keystore and we will leave that for another blog post.

Step 3: Create the Connected App

A Salesforce Connected App is how you enable external code / systems access to use the Salesforce API.  Now it may seem a little weird as your APEX is already inside Salesforce, however the Authentication methods work the same way.

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to App Manager under Platform Tools > Apps, click on New Connected App
  3. Use the following values for Basic Information
    1. Connected App Name: APEX Access to Pardot
    2. API Name: (let it auto populate, or make up your own name)
    3. Contact Email: use a company email address
    4. Description: Grants access to Pardot from our APEX
    5. When complete, the section should look like this:
  4. Use the following values for API (Enable OAuth Settings)
    1. Enable OAuth Settings: Checked
    2. Callback URL: https://login.salesforce.com/services/oauth2/callback
    3. Use digital signatures: Checked
    4. Browse: Use the certificate you downloaded earlier
    5. Selected OAuth Scopes:
      1. pardot_api (allows you to actually call the Pardot API
      2. offline_access (allows your code to make API calls when it needs to)
    6. When complete, the section should look like this:
  5. Save the new Connected App, click Continue after observing the warning
  6. From the Saved Record screen, take special note of the Consumer Key, you will need to use it in your APEX

Pre Authorize User to use Pardot API

Regardless of how the Connected App was set up (above), we need to pre-authorize the correct user to use the Pardot API.

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to App Manager under Platform Tools > Apps, find the APEX Access to Pardot app, click the drop down menu and then Manage
  3. Click Edit Policies
  4. Under OAuth Policies > Permitted Users, change to: Admin approved users are pre-authorized, Save
  5. Back at the Connected App, new sections have appeared. In Permission Sets, click Manage Permission Sets
  6. Assign the Pardot API Access permission set

Step 4: Create a Named Credential

The Named Credential is what allows your APEX code to login and be able to actually use the Pardot API.

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to Named Credentials under Security, click New Named Credential
  3. Use the following values
    1. Label: APEX Pardot Credential
    2. Name: (let it auto populate, or make your own name)
    3. URL: https://pi.pardot.com/api (adjust if https://pi.demo.pardot.com/api)
    4. Certificate: leave this blank, this is used for 2-way SSL connections
    5. Identity Type: Named Principal
    6. Authentication Protocol: JWT Token Exchange
    7. Token Endpoint URL: https://login.salesforce.com/services/oauth2/token (adjust if test.salesforce.com)
    8. Issuer: OAuth Consumer Key that you created earlier
    9. Named Principal Subject: The username of the User you want to use (from the first steps of this post)
    10. Audiences: https://login.salesforce.com (adjust if required)
    11. Token Valid for: 30 Seconds
    12. JWT Signing Certificate: Pardot Integration Certificate
    13. Callout Options: leave all these at their default settings.
  4. When complete, this section should look like this
  5. Save

Sample Working APEX

The following APEX code can be called to demonstrate a working solution.

public class PardotTesting {
    public static void tryItOut() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(‘callout:APEX_Pardot_Credential/account/version/4/do/read?format=json’);
        req.setHeader(‘Pardot-Business-Unit-Id’, ‘0Uv4W0000000056SAA’);
        req.setMethod(‘GET’);
        Http http = new Http();
        HTTPResponse res = http.send(req);
        //Ideally you would parse the JSON response and work with it
        System.debug(res.getBody());
    }
}
Key things to note:  Setting the Request’s Endpoint, the Name of the Named Credential is used in the String. Following the Named Credential is the rest of the Pardot API endpoint you want to hit.

Conclusion 

Following the above steps will get your code ready for SSO in preparation for the February 15th deadline. Have some additional insights? We would love for you to  share your experiences and tips as you work through getting your code ready for SSO. Stuck and need help – let us know and we would be glad to help audit your unique instance needs

CONTINUE READING:
Pardot API and Getting Ready with Salesforce SSO Users Series: 

The post Pardot API and Getting Ready with Salesforce SSO Users Part 3A: Connecting to Pardot API from APEX appeared first on The Spot For Pardot.

By |2021-02-02T16:43:28+00:00February 2nd, 2021|Categories: Pardot SSO Update|

Pardot API and Getting Ready with Salesforce SSO Users Part 3B: Connecting to Pardot API from Code

The Salesforce SSO deadline is fast approaching, and there isn’t a lot of specifics out there on how to make changes to our custom code & scripts that talk to the Pardot API. There is a lot of guidance on setting up our human users for success, but what about our code? So we wrote this guide specifically for connecting Pardot API from Custom Code

Also See Part 3A: Connecting to Pardot API from APEX

We’ve come across our fair share of custom code that works with the Pardot API, and in the past it was really easy to set up. Just get the username, password and API key of the Pardot User, copy some code examples and you were ready to go.  Now that we need to authenticate through Salesforce SSO, we’ve got the details here on what you need to set up. Hang on, as there’s a lot to do. In summary we will:

  1. Create a new User for this integration
  2. Create a Self Signed Certificate
  3. Create a Connected App, allowing our User to be pre-authorized
  4. Run some custom code, with examples in different languages

Create a new User

It is our recommended advice that each integration has its own user. For this Pardot integration, a User with an Identity License profile should be sufficient.

In Salesforce, create a new user, possibly using the Identity Profile.

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to Users under Administration > Users, click on New User
  3. Use the following values (or use whatever makes sense for you)
    1. First Name: Pardot
    2. Last Name: Python
    3. Alias: pypardot
    4. Email: use an email address you have access to
    5. Username: create a username that uniquely identifies this integration
    6. User License: Identity
  4. When complete, the section should look like this
  5. Using the Salesforce activation email, be sure to login which asks you to set a password and recovery options. Save this info somewhere.
  6. If you are using User Sync, complete one more step: in Salesforce Setup navigate to Pardot Setup > Account Setup > Manage Users. Edit User Assignments and make sure your new user is Selected (or is added as a member of a selected group or role).

In Pardot, create a new user (skip step 1 if you are not using User Sync): 

  1. If you are using User Sync, update the profile and role mapping to make sure the Salesforce profile (e.g. Identity User) is mapped to a Pardot Role that matches the abilities you want your API integration to have.
  2. Navigate to the Users page in Pardot by navigating to Admin (Pardot Settings in the Lightning app), and then User Management | Users.
  3. Click the +Add User button and complete the required information, using the same values (where possible) that you used when creating the Salesforce User
  4. In the CRM Username dropdown menu, select the new API integration User you created in Salesforce.
  5. When complete, the section should look like this
  6. After saving the new User record, click the “Enable Salesforce single sign-on” link. (If you have already enabled User Sync for this user/profile, this will be completed automatically.)

A Permission Set is what will enable our User to connect via the Connected App without needing to manually authorize it.

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to Permission Sets under Administration > Users, click on New
  3. Use the following values (or use whatever makes sense for you)
    1. Label: Pardot API Access
    2. API Name: let it auto populate
    3. Description: Grants access to Pardot via API. No permissions specified
    4. Click Save
  4. Add the new Permission Set to the User created/chosen above
    1. When viewing the Permission Set, click Manage Assignments
    2. Click Add Assignments, and select the correct User

Create a Self-Signed Certificate

Certificates are actually composed of 2 pieces: a private key (often called just a key) and a public key (often called just a cert/certificate). For our purposes, the private key is used to “prove” that it is actually your code that is trying to login, and is the reason that passwords and security tokens are not required. For our purposes, the public key is used to verify that the correct (authorized) process is trying to access Salesforce.

For our example, we will use a Command Line Interface app called openssl to generate our certificate.

  1. Make sure you have openssl installed
  2. Open a Terminal / Command Prompt
  3. Issue the following command:
    openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:2048 -keyout mycoolcert.key -out mycoolcert.crt
    1. You will be prompted to provide some information. These are all optional, though it is not a bad idea to fill it out, especially since Salesforce will show the info when you look at the Connected App later on
    2. What this command does, is create a 100 year certificate with the Private Key being stored in the .key file, and the Public Key being stored in the .crt file. Both of these files are text files that you can view with any text editor.
    3. You will want to protect the .key file, as it is very uniquely created for YOU. This .key file will be used by your code as part of the authentication process.
    4. The .crt file will be used when creating the Connected App

Create the Connected App

A Salesforce Connected App is how you enable external code / systems access to use the Salesforce API.  

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to App Manager under Platform Tools > Apps, click on New Connected App
  3. Use the following values for Basic Information
    1. Connected App Name: Internal JWT Access to Pardot
    2. API Name: (let it auto populate, or make up your own name)
    3. Contact Email: use a company email address
    4. Description: Grants access to Pardot from our own custom written solutions
    5. When complete, the section should look like this:
  4. Use the following values for API (Enable OAuth Settings)
    1. Enable OAuth Settings: Checked
    2. Callback URL: https://login.salesforce.com/services/oauth2/callback
    3. Use digital signatures: Checked
    4. Browse: Use the certificate you created earlier
    5. Selected OAuth Scopes:
      1. pardot_api (allows you to actually call the Pardot API
      2. offline_access (allows your code to make API calls when it needs to)
    6. When complete, the section should look like this:
  5. Save the new Connected App, click Continue after observing the warning
  6. From the Saved Record screen, take special note of the Consumer Key, you will need to use it in your APEX

Pre Authorize User to use Pardot API

Regardless of how the Connected App was set up (above), we need to pre authorize the correct user to use the Pardot API.

  1. In Salesforce Lightning, Navigate to Setup
  2. Navigate to App Manager under Platform Tools > Apps, find the APEX Access to Pardot app, click the drop down menu and then Manage
  3. Click Edit Policies
  4. Under OAuth Policies > Permitted Users, change to: Admin approved users are pre-authorized, Save
  5. Back at the Connected App, new sections have appeared. In Permission Sets, click Manage Permission Sets
  6. Assign the Pardot API Access permission set

Sample Working Code

Here we aim to provide a few different samples of working code. Note: because these are samples, we are following some Minimal, Reproducible Example guidelines. These should help you understand how to incorporate the approach into your well-architected code projects.

Python Sample Code

This sample code was extended from a great GitHub Gist from booleangate. Save it locally as pythonExample.py

#!/usr/bin/env python3
# pip install jwt cryptography requests

from datetime import datetime
import jwt, time, requests

# *** Update these values to match your configuration ***
IS_SANDBOX = False
KEY_FILE = ‘mycoolcert.key’
ISSUER = ‘YOUR_OAUTH_CONSUMER_KEY’
SUBJECT = ‘YOUR_SALESFORCE_IDENTITY_USERNAME’
BUSINESS_UNIT_ID = ‘0Uv…..’
pardotUrl = ‘https://pi.demo.pardot.com/api/account/version/4/do/read?format=json&#8217;
# *******************************************************

DOMAIN = ‘test’ if IS_SANDBOX else ‘login’

print(‘Loading private key…’)
with open(KEY_FILE) as fd:
    private_key = fd.read()

print(‘Generating signed JWT assertion…’)
claim = {
    ‘iss’: ISSUER,
    ‘exp’: int(time.time()) + 604800,
    ‘aud’: ‘https://{}.salesforce.com’.format(DOMAIN),
    ‘sub’: SUBJECT,
}
assertion = jwt.encode(claim, private_key, algorithm=’RS256′, headers={‘alg’:’RS256′}).decode(‘utf8’)

#you could take the JWT and paste it in https://jwt.io to see what it ends up looking like
print(‘assertion=%s’ % assertion)
print(‘Making OAuth request…’)
loginResponse = requests.post(‘https://{}.salesforce.com/services/oauth2/token’.format(DOMAIN), data = {
    ‘grant_type’: ‘urn:ietf:params:oauth:grant-type:jwt-bearer’,
    ‘assertion’: assertion,
})

print(‘Status:’, loginResponse.status_code)
print(loginResponse.json())
accessToken = loginResponse.json().get(‘access_token’)

# Now for doing the Pardot Fun Stuff
pReqHeaders = {
    ‘Authorization’: ‘Bearer ‘+ accessToken,
    ‘Pardot-Business-Unit-Id’: BUSINESS_UNIT_ID
}

print(‘Making Pardot Account API request…’)
accountResponse = requests.get(url=pardotUrl, headers=pReqHeaders).json()
print(accountResponse)

Some tips to get this code working for you:

  1. Be sure to put the Private Key file from your self-signed certificate in the same directory as this code sample
  2. Be sure to replace the configuration values at the top of the script to match what you created
  3. Add print() statements where you want to further understand values that are being setup
  4. Make the code file executable, then just call it directly:  ./pythonExample.py and watch the output

Conclusion 

Following the above steps will get your code ready for SSO in preparation for the February 15th deadline. Have some additional insights? We would love for you to  share your experiences and tips as you work through getting your code ready for SSO. Stuck and need help – let us know and we would be glad to help audit your unique instance needs

CONTINUE READING:
Pardot API and Getting Ready with Salesforce SSO Users Series: 

The post Pardot API and Getting Ready with Salesforce SSO Users Part 3B: Connecting to Pardot API from Code appeared first on The Spot For Pardot.

By |2021-02-02T16:40:36+00:00February 2nd, 2021|Categories: Pardot SSO Update|

Pardot API and Getting Ready with Salesforce SSO Users

Back in June, Salesforce announced that the way we work with the Pardot API will be changing and that, beginning in early 2021, all Pardot users will be required to use Salesforce single sign-on. In preparation for this change, some services have started rolling out their updates, but how do you as a Pardot admin actually get ready? 

This blog post will provide step-by-step instructions on how to prepare, where to gather all the critical information you need, and a quick guide on testing that you are prepared for these changes.

Before we dive in, there is something you might need to consider: You have the option of having a single Salesforce User with multiple Connected Apps (one for each integration).You also have the option of a single Connected App with multiple Salesforce Users (one for each integration) as well as any combination of the two options.

Our recommendation is to have a single Connected App and multiple Salesforce Users (with CRM identity licenses from the bundle provided by Pardot). This option creates a direct connection between the Pardot user and the app and allows Pardot admins to easily identify which API connection made changes to Pardot if an issue ever arises. 

If you don’t have the available license count to make this work, try to segment your integrations into something that makes sense. Just make sure that the combination of Connected App and User is different for each integration (especially if 3rd party).

Ok, let’s dive in. Here are the steps to set up Pardot users with Salesforce single sign-on. 

Step 1: Set up a Salesforce User

  1. In Salesforce Setup, search for Users and click New User
  2. For this user, try to keep it integration specific. If you have 5 integrations, plan to create 5 users. Use a unique username which indicates the purpose of this integration, and be sure to select the Identity User License. (If you pick another license by mistake, you can’t downgrade the license to Identity, so be careful!)
  3. Save the new user, and then activate the account from the email that Salesforce sent out (I usually do this in a new Private Browser / Incognito Mode).
  4. As part of activating the account, pick a new, very strong password.
  5. Now that you are in, you will need to generate a security token. Click on your user at the top right, and then go to My Settings.
  6. Go to Reset My Security Token, then click the button.
  7. You should get a token in your email. Keep this, you will need it later. You can now close your private/incognito browser, as the rest of the steps will be done with your main accounts.

Step 2: Setup Pardot User

Now that our Salesforce User has been set up, we need to create a Pardot User that it will be synced with.

  1. In Salesforce, launch the Pardot app, go to Pardot Settings, Users and Add User
  2. Provide the name and email address you used for the Salesforce User
  3. Optional, but recommended: note the time zone, or maybe adjust it to match the time zone that the Integration is running in. If these don’t match, you might get some really weird results later when you use the API because of the differences in day boundaries if you use datetime based queries.
  4. Pick the CRM Username that you just created in Salesforce (you will likely need to refresh the list of users). Also, pick the Role. Sales Manager will give you access to Prospect data, and not much for Pardot assets, Marketing will likely give you what most Pardot API integrations need for access, but if you need to create custom fields, you will need to grant the Admin role. Custom roles for API access control is also supported and recommended if you have access to them.
  5. Optional, but recommended: Disable all emails that will be sent to the integration user’s mailbox.
  6. Click Create User
  7. Click the Enable Salesforce single sign-on link to complete this process.

Step 3: Create Salesforce Connected App

If you have been following along, you will note that almost all the previous steps were pretty standard for any SSO user, and you are right! Besides the Security Token this stuff is pretty straightforward.

The next bit is where the Pardot Authentication docs don’t really give much guidance, but we got ya.

  1. Switch to Salesforce Classic Experience
  2. In Setup, go to Build, Create, Apps
  3. The Apps page has a few sections. Scroll to the bottom to Connected Apps, and click New
  4. Fill in the Basic information, Enable OAuth Settings, specify the Callback URL and select the Access Pardot services OAuth Scope.
  5. You do not need to put anything in for the other sections (Web App Settings, Custom Connected App Handler, Mobile App Settings, Canvas App Settings). Click Save
  6. You may get a prompt to wait for a while before using this app. Click Continue
  7. Almost Done! You just need to copy the Consumer Key and the Consumer Secret.

Step 4: Get the Pardot Business Unit

One last piece of information needed, the Pardot Business Unit Id that you will be using the API with. You need to do this step even if you are not using the “Multiple Business Units” feature. The steps are the same for a single Pardot account, just follow along.

  1. Switch back to Lightning Experience, launch Setup
  2. Search for Pardot Setup Home, click Assign Admin to get to the list of Business Units
  3. Grab your Business Unit ID.

Step 5: Testing it all

Ok great, now that we have all the information, let’s test it out. Our favorite tool for testing APIs is Postman, and we have created a Postman Collection for Pardot that should help you get started.

  1. Install Postman and Import our collection.
  2. Click the Environment Setup button so that you can provide the information we built in all the previous steps.
  3. Click Pardot API – Salesforce SSO to configure that environment
  4. Provide all the relevant information, click the Reset All link, then scroll down to click Update

    1. If you are using the Pardot feature “Allow Multiple Prospects with Same Email Address” you need to specify api_version 4.
    2. If you are using a demo instance of Pardot, you need to change the pardot_domain to pi.demo.pardot.com
    3. If you prefer / need XML as output instead of JSON, replace the value for output_format to “xml”
  5. Close out of Manage Environments, then make sure that Postman is using it
  6. In the Pardot API – Salesforce SSO collection, expand Getting Started and click the Login Request. Click Send.
  7. Optional: Check out the Body of the request to see how the information is being passed to Salesforce to complete the login request. Note how the Password is actually a concatenation of the Salesforce Password with the Salesforce Security Token
  8. With a successful login, you should get a response that has an Access Token. This is 1 of the 2 pieces that Pardot needs.
  9. Now that you have an access token, you can start experimenting with other Pardot API requests. If you check out the other requests in the Getting Started section, you can start to see how things are tied together. Note the Headers for any of the requests, they all have the Authorization and Pardot-Business-Unit-Id headers.

Getting Ready for Salesforce Winter ‘21 Release

Hopefully, by following the steps above, you feel more prepared for the API and single sign-on updates coming early next year. What are you doing to prepare for upcoming Pardot and Salesforce releases? Let us know in the comments.  Want some help getting ahead of the curve? Give us a shout and we’ll hook you up.

The post Pardot API and Getting Ready with Salesforce SSO Users appeared first on The Spot For Pardot.

By |2021-01-06T14:33:36+00:00September 23rd, 2020|Categories: Uncategorized|

Introducing the Automated Opportunity Contact Roles App

Marketers want to show what campaigns drive revenue.  Sounds simple, right?

But not always as easy as it seems.

 

The Problem: Missing Data Ruins the Ability to Run ROI & Campaign Influence Reporting

If you’re a marketer, maybe you can relate to this scenario:

You’ve asked politely.  You’ve put together training guides. You’ve sent it up the chain of command.

But still… your sales people aren’t adding freaking Contact Roles to their Opportunities. This ruins your ability to link revenue with your marketing Campaigns using standard Campaign Influence and marketing attribution reports/dashboards.

 

The Solution: Automated Opportunity Contact Roles, Now Available on the AppExchange

We’ve seen the above scenario scenario play out time and time again.  So we built an app to address this issue and add Contact Roles automatically to opportunities.

Rather than waiting for sales to add contact roles (spoiler alert: they won’t), our app allows you to automate the process by creating business logic for when to automatically add Contact Roles to Opportunities.

You can set intelligent criteria for when to link targeted Contacts, ensuring your Campaigns finally get the sourced and influenced revenue credit they deserve.

No manual data entry for sales, no fuss, and you get the data you need for better reporting.

 

How the App for Automated Opportunity Contact Roles Works

Our Automated Opportunity Contact Roles app is extremely simple to install and use.  The highlights:

  • Choose top contacts to link to an Opportunity — based on Salesforce Last Activity Date, Salesforce Last Modified Date, or Pardot Last Activity Date.
  • Get granular: Apply your rules across all Opportunities and Accounts, or limit it to certain Opportunity owners and/or types of Contacts (with clicks, not code!)
  • Buy licenses for all of your sales reps, or just the ones that are extra bad at updating data busy
  • To take it to the NEXT LEVEL, you can even call our app’s functionality from Flows and Process Builder!

Here’s a video walk through to show you how it works:

 

How the Get the App 

Visit the AppExchange to learn more about the app or download to your org.  License pricing starts at $5 per user per month — a small price compared to all of the time you’ll save with manual data entry and missed opportunities to optimize your marketing campaigns without the data you need for ROI reporting.

Questions?  Reach out to [email protected], or give us a shout in the comments!

By |2020-02-05T18:50:45+00:00February 5th, 2020|Categories: Uncategorized|

Sercante Completes Salesforce Accelerate Build Incubator Program

Last week marked the end of the Accelerate Build program, and looking back it has been quite the journey. We not only learned a bunch about building apps with Salesforce, we also learned a lot about how to work with various teams in Salesforce.  We’re really grateful to Salesforce and the AppExchange team (particularly Mike Kreaden, Emilie Jessula, and Hana Mandapat) for the opportunity to participate in this program and look forward to sharing more about our app soon.

A bit more about the Accelerate Build program

The Salesforce Accelerate Build program is an incubator that supports companies from idea to app, fast-tracking their journey to AppExchange.  Sercante participated in Cohort 7 for North America, along with these other amazing companies:

Starting in October, we had monthly workshops in San Francisco where all 10 companies in the program got together to  do hands on exercises as well as learn from speakers from both within Salesforce and partners in the AppExchange community. In between the monthly workshops, each week there were 2 webinars covering both business and technical topics.

Overall, there was a ton of information and it did feel like it was like drinking from a fire hose (in the best possible way). Luckily all the content was recorded so that we can revisit as needed.

A new product was born

We came into the Accelerate Build program with a product idea in mind, and 50% of the build complete.  In our November workshop, we had a lightbulb moment around a second product idea related to the reporting challenges Marketers face for ROI calculations.  After discussing and evaluating with some of the tools we were introduced to in the program, we decided to make this the first product to pursue.  We submitted the app for Security Review over the winter holidays and we hope to get word on it fairly soon.

A sneak peek at the product: Automated Opportunity Contact Roles

Rather than waiting for sales to add contact roles (spoiler alert: they won’t), our app allows you to automate the process by creating business logic for when to automatically add Contact Roles to Opportunities.

You can set intelligent criteria for when to link targeted Contacts, ensuring your Campaigns finally get the sourced and influenced revenue credit they deserve. No manual data entry for sales, no fuss, and you get the data you need for better reporting.

More to come on this soon…

Want to learn more about Accelerate? 

The Accelerate program is currently recruiting for its next cohort.  Learn more about the program on the FAQs page.

Update: As of February 3, 2020, our first product is live on the AppExchange!  Read more about it here.

 

 

By |2020-02-11T12:22:52+00:00January 27th, 2020|Categories: Uncategorized|

Sercante Selected for Salesforce Accelerate Build Incubator

Our team is passionate about helping marketers be successful on the Salesforce platform, and as we help customers crush barriers and drive new initiatives, we find ourselves constantly encountering “wouldn’t it be nice if _____” moments.

Sparked from these moments, we have a few ideas for apps to extend the power of the Salesforce & Pardot platform… and Salesforce seems to think that they are pretty good too.

Building Apps & Productivity Tools for Pardot Customers 

Salesforce has selected us to participate in the Salesforce Accelerate Build program where we join 9 other fantastic companies for the next 4 months on a fast-tracked journey to build an app and get it listed on the AppExchange. Our goals for the program are to come out with our first Pardot related app on the AppExchange and to build a solid foundation to continue to make even more cool stuff in the future.

We kicked off the Accelerate Build program at the beginning of October with a 3-day in-person series of workshops. Topics included ways we can align with Salesforce’s vision and architecture to improve the value we deliver, and how to think about product/market fit using a Value Proposition Canvas. The experience was incredibly cool and sparked many new ideas on how to position what we’re looking to build.

If You’ve Got a Tough Problem… We Want to Solve it

We look forward to continuing the Accelerate Build program over the next several months. Stay tuned for more details on our first product — which we plan to debut before the end of the year.

In the meantime, we wanted to say a special thank you to the select group of customers who have provided feedback on the Alpha build of our first product. Please keep sharing your toughest marketing and sales problems, and we promise to keep looking for innovative ways to solve them!

By |2019-10-20T17:23:38+00:00October 20th, 2019|Categories: Uncategorized|