Salesforce security updates and their impact on Lib Dem Lighthouse
A number of recent phishing and supply chain attacks on Salesforce have left Salesforce scrambling to roll out new multi-factor authentication, step-up authentication and verification requirements at relatively short notice.
The background
We built the Liberal Democrats membership management portal, Lighthouse, back in 2019. It loads contact and other information from the Lib Dem Salesforce instance periodically and allows local party data officers to view and edit specific subsets of the data in a clean and modern online interface that users love.
Back then Bulk API 2.0 was yet to be released, so high-volume data extraction wasn't an option, and API rate limits were significantly lower than they are today. We had to come up with clever workarounds to get the project running. Primarily this involved building Salesforce reports on key data that we could download several times an hour and import into our own database. The REST API had been around a while by then, but SOAP had a 10 year head start and was a lot faster for our use cases in testing. So SOAP it was.
The changes
Seven years later, the Salesforce security changes have somewhat rained on our parade. The system's still working fine, but step-up authentication changes to be enforced this month mean we now have to complete multi-factor authentication every 2 hours in order to download reports. It turned out nobody at Prater Raines really fancied manually authenticating all day every day. Connected Apps are being phased out in favour of External Client Apps, and SOAP's password-and-token login is no longer in favour. It was time for a rewrite.
We've spent the last month rewriting the system to use REST, OAuth and the Bulk API, testing our changes, and released them without a hitch earlier today. Everything looks the same from an end user's point of view (although in testing I'm told it feels a little more responsive), but under the hood everything has changed. The integration is now built into our Symfony application with hooks into the Doctrine database layer, so changes, additions and deletions automatically trigger API calls to Salesforce.
The outcome
It's not just about keeping the system running and keeping it secure. There have been some real user benefits and performance improvements too. We've dramatically reduced the time taken for each import from Salesforce, from 19 minutes down to under 6 minutes. This means we can update more frequently and with less CPU usage. Relationships between our data model and Salesforce are now represented by simple PHP attributes, making it easier to make changes and add new objects in the future. The closer link between our application and Salesforce makes data conflicts less likely and improves the clarity of the error messages we can give our users.
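To make the "PHP attributes plus Doctrine hooks" idea concrete, here is an added example of how such a mapping can be wired up in a Symfony/Doctrine application. This is illustrative code written for this page, not Lighthouse's own code: the `SalesforceObject` and `SalesforceField` attribute names, the `Member` entity, the `SalesforceMapper` and the `SalesforceClient` interface are all assumptions. The request path follows the Salesforce REST API's documented sObject endpoint (`/services/data/vXX.X/sobjects/<Object>/<Id>`), which answers a successful PATCH with HTTP 204.

```php
<?php
// Added example, not Lighthouse's code. The attribute names, the Member
// entity, SalesforceMapper and the SalesforceClient interface are assumptions.
declare(strict_types=1);

use Doctrine\Bundle\DoctrineBundle\Attribute\AsEntityListener;
use Doctrine\ORM\Event\PostUpdateEventArgs;
use Doctrine\ORM\Events;

// Marks an entity class as mirrored to a Salesforce sObject.
#[\Attribute(\Attribute::TARGET_CLASS)]
final class SalesforceObject
{
    public function __construct(public readonly string $name) {}
}

// Maps a PHP property to a field on that sObject.
#[\Attribute(\Attribute::TARGET_PROPERTY)]
final class SalesforceField
{
    public function __construct(public readonly string $name) {}
}

// A local entity whose attributed properties mirror a Salesforce Contact.
#[SalesforceObject('Contact')]
class Member
{
    #[SalesforceField('Id')]
    public ?string $salesforceId = null;

    #[SalesforceField('FirstName')]
    public string $firstName = '';

    #[SalesforceField('LastName')]
    public string $lastName = '';

    #[SalesforceField('Email')]
    public ?string $email = null;

    // No attribute: stays local and is never sent to Salesforce.
    public ?string $internalNotes = null;
}

// Reads the attributes with reflection and builds the outgoing request.
final class SalesforceMapper
{
    /** @return array{object: string, id: ?string, body: array<string, mixed>} */
    public function toRequest(object $entity): array
    {
        $ref = new \ReflectionClass($entity);
        $objAttr = $ref->getAttributes(SalesforceObject::class)[0] ?? null;
        if ($objAttr === null) {
            throw new \InvalidArgumentException(get_class($entity) . ' is not mapped to Salesforce');
        }
        $id = null;
        $body = [];
        foreach ($ref->getProperties() as $prop) {
            foreach ($prop->getAttributes(SalesforceField::class) as $attr) {
                $field = $attr->newInstance()->name;
                $value = $prop->getValue($entity);
                if ($field === 'Id') {
                    $id = $value; // the record Id goes in the URL, not the body
                    continue;
                }
                $body[$field] = $value;
            }
        }
        return ['object' => $objAttr->newInstance()->name, 'id' => $id, 'body' => $body];
    }
}

// Assumed: an OAuth-authenticated REST client that returns the HTTP status code.
interface SalesforceClient
{
    public function request(string $method, string $path, array $json = []): int;
}

// Doctrine hook: every flushed update to a Member becomes a PATCH to Salesforce.
#[AsEntityListener(event: Events::postUpdate, method: 'postUpdate', entity: Member::class)]
final class MemberSyncListener
{
    private const API = '/services/data/v60.0';

    public function __construct(
        private readonly SalesforceMapper $mapper,
        private readonly SalesforceClient $client,
    ) {}

    public function postUpdate(Member $member, PostUpdateEventArgs $args): void
    {
        $req = $this->mapper->toRequest($member);
        if ($req['id'] === null) {
            return; // not yet linked to a Salesforce record; creation is handled separately
        }
        $path = sprintf('%s/sobjects/%s/%s', self::API, $req['object'], rawurlencode($req['id']));
        $status = $this->client->request('PATCH', $path, $req['body']);
        if ($status !== 204) {
            throw new \RuntimeException("Salesforce update failed for {$req['object']} {$req['id']}: HTTP $status");
        }
    }
}
```

Two design points are worth noting. Only attributed properties leave the application, so adding a local-only column can never accidentally leak it to Salesforce. And because `postUpdate` fires inside Doctrine's flush, throwing on a non-204 response aborts the local transaction rather than letting the two copies of the data silently drift apart; a queue-and-retry approach is the alternative if Salesforce availability must not block local writes.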
Don't say it too loud, but we've quite enjoyed working with Salesforce, and making it work better for federated organisations where lots of users need access to very specific tranches of the data. If that sounds like you and you're looking for consultancy or have a new project in mind, please do get in touch.