Top 80 Salesforce Integration Interview Questions and Answers 2026 — REST API, SOAP, OAuth, Named Credentials & MuleSoft Explained
🔗 Salesforce Integration Interview 2026
80 Salesforce Integration Interview Questions 2026 — Complete Guide
REST API, SOAP, Bulk API, Platform Events, CDC, Named Credentials, MuleSoft, Callouts, OAuth, Data Migration & Real-World Scenarios
⚡ Intermediate
🔴 Advanced
80 Questions · 8 Sections · 100% Free
Questions Index — All 80
1What is Salesforce Integration?
2Inbound vs Outbound Integration
3Bi-directional Integration
4Different Integration Methods
5What is an API?
6REST vs SOAP vs Bulk vs Streaming
7Real-time vs Batch Integration
8Best Practices for Integration
9All Salesforce API Types
10Named Credentials
11Callouts from Triggers
12External ID
13OAuth Flows
14Connected App
15Composite API
16Platform Events
17CDC vs Platform Events
18Event Replay
19MuleSoft API-led Connectivity
20Bulk API 2.0
21Retry Logic in Apex
22Apex Callout Limits
23Salesforce Connect
24@RestResource Custom Endpoint
25Mock HTTP Callouts in Tests
26Idempotency
27API Limits Management
28Integration User
29Circuit Breaker Pattern
30DataWeave in MuleSoft
31Point-to-Point vs Hub-and-Spoke
32Remote Site Settings
33Outbound Messages
34Data Migration Strategy
35Data Loading Tools
36OAuth Token Expiry
37Relationships in Migration
38sObject Collections API
39Metadata API vs Data API
40SCENARIO: Debug Intermittent Failures
41SCENARIO: 5 Million Record Sync
42SCENARIO: Real-time Closed Won
43SCENARIO: Payment Gateway
44SCENARIO: API Limits Hit Daily
45SCENARIO: Survive Downtime
46SOQL Injection Prevention
47REST vs Connect REST API
48Streaming API
49API Versioning
50Disable Triggers in Migration
51Tooling API
52Bidirectional Sync Design
53Salesforce-to-Salesforce (S2S)
54Secure API Integrations
55Enable CDC
56Test Salesforce Integrations
57Monitor Integrations in Production
58Analytics REST API
59Large JSON Responses
604 Key Integration Patterns
61Validate Data After Migration
62CloudHub vs Runtime Fabric
63Prevent Duplicate Records
64Anypoint Exchange
65SCENARIO: Conflict Resolution Bidirectional
66@future vs Queueable
67Error Logging for Integrations
68MuleSoft vs Salesforce Flow
69SCENARIO: Polling to Event-Driven
70REST API Endpoint Structure
71Graceful Degradation
72Integration Governance
73SCENARIO: Governor Limits High Volume
74Insert vs Upsert in API
75SCENARIO: GDPR Integration Design
76Batch Apex for Callouts
77Data Migration Rollback
78Anypoint Monitoring
79SCENARIO: Classic to Lightning + Integration
80Integration Go-Live Checklist
Question 01 · ⚡ Intermediate
What is Salesforce Integration and why is it important?
✅ Answer
Salesforce Integration means connecting Salesforce with external systems to exchange data and automate business processes — eliminating manual data entry, breaking data silos, and enabling end-to-end workflows across the enterprise.
📋 Without vs With Integration
| Without Integration | With Integration |
|---|---|
| Manual data re-entry between systems | Automatic real-time data sync |
| Data silos — partial picture per system | Unified 360° customer view |
| Delayed information — 1-2 day lag | Real-time or near-real-time data |
| Human errors during copy-paste | Automated, validated data transfer |
🌍 Real World Example (XYZ Company)
Without integration: Sales team entered orders in Salesforce, finance re-entered in Business Central — errors, 2-day lag. With integration: Order created in Salesforce → auto-pushed to BC → invoice generated → status synced back. Manual entry eliminated.
🎤 One-Line Answer for Interview
"Salesforce Integration connects SF with external systems to exchange data and automate processes — eliminating manual entry, data silos, and enabling end-to-end automated workflows."
Question 02 · ⚡ Intermediate
What is the difference between Inbound and Outbound Integration in Salesforce?
✅ Answer
Inbound: External system calls Salesforce APIs — external pushes data IN. Outbound: Salesforce calls an external system via HTTP callouts — Salesforce pushes data OUT. Direction is always defined from Salesforce's perspective.
📋 Inbound vs Outbound
| Aspect | Inbound | Outbound |
|---|---|---|
| Who initiates? | External system | Salesforce (Apex, Flow) |
| Direction | External → Salesforce | Salesforce → External |
| Salesforce acts as | Server / API provider | Client / API consumer |
| Examples | ERP pushes orders, webhook | Callout to payment API |
| Salesforce feature | REST/SOAP API, @RestResource | Apex HttpRequest, @future |
🎤 One-Line Answer for Interview
"Inbound: external system calls Salesforce APIs (SF = server). Outbound: Salesforce calls external system via Apex callout (SF = client). Direction always from Salesforce's perspective."
Question 03 · ⚡ Intermediate
What is Bi-directional Integration in Salesforce?
✅ Answer
Bi-directional integration means data flows both ways between Salesforce and external systems. Key challenges: infinite loop prevention, conflict resolution (which system wins?), and idempotency (safe retries). Requires careful design of system of record per data domain.
🔑 Bi-directional Challenges
- 💡Infinite loop: SF updates ERP → ERP sends update back → SF updates again... Use source tracking field
- 💡Conflict resolution: timestamp last-write-wins or domain-based system of record
- 💡Idempotency: External ID upsert prevents duplicates on retry
- 🔥Always define: which system owns which data domain BEFORE building
🎤 One-Line Answer for Interview
"Bi-directional: data flows both ways. Challenges: infinite loop prevention, conflict resolution, idempotency. Define system of record per domain before building — SF owns customer data, ERP owns financial data."
Question 04 · ⚡ Intermediate
What are the different methods of integrating Salesforce with external systems?
✅ Answer
Salesforce supports multiple integration methods: REST API, SOAP API, Bulk API 2.0, Streaming API, Platform Events, CDC, Apex HTTP Callouts (@RestResource), Salesforce Connect (External Objects), MuleSoft, Outbound Messaging, and ETL tools like Data Loader.
📋 Integration Methods Summary
| Method | Best For | Direction |
|---|---|---|
| REST API | Real-time CRUD from external | Inbound |
| Apex Callout | SF calling external in real-time | Outbound |
| Platform Events | Event-driven async | Both |
| Bulk API 2.0 | Millions of records | Both |
| MuleSoft | Multi-system orchestration | Both |
| Salesforce Connect | Live external data without import | Inbound (read) |
🎤 One-Line Answer for Interview
"REST/SOAP (sync), Bulk API (large volume), Platform Events/CDC (event-driven), MuleSoft (enterprise orchestration), Salesforce Connect (live external data). Choose based on volume, latency, and direction."
Question 05 · ⚡ Intermediate
What is an API in Salesforce Integration context?
✅ Answer
An API (Application Programming Interface) is a contract defining how systems communicate — specifying endpoints, request formats, response formats, and authentication. Salesforce uses APIs both to expose services to external systems (inbound) and to consume external services (outbound callouts).
🔑 Key API Concepts
- 💡Endpoint: URL where the API is accessible
- 💡Request: data sent to the API (method + headers + body)
- 💡Response: data returned (status code + body)
- 💡Authentication: OAuth, API Key, JWT Bearer
- 🔥REST vs SOAP: REST is JSON-based modern; SOAP is XML-based legacy
🎤 One-Line Answer for Interview
"API = contract for system communication — endpoint, request format, response format, auth. Salesforce exposes APIs for inbound and consumes external APIs via callouts for outbound integration."
Question 06 · ⚡ Intermediate
What is the difference between REST API, SOAP API, Bulk API, and Streaming API?
✅ Answer
REST API: lightweight JSON, modern, recommended. SOAP API: XML/WSDL, legacy enterprise. Bulk API 2.0: async CSV, millions of records, 150M/day. Streaming API: real-time CometD push, no polling needed.
📋 API Comparison
| API | Format | Use Case | Sync/Async |
|---|---|---|---|
| REST API | JSON/XML | Real-time CRUD | Sync |
| SOAP API | XML/WSDL | Legacy enterprise | Sync |
| Bulk API 2.0 | CSV | Millions of records | Async |
| Streaming API | CometD | Real-time push events | Async push |
🎤 One-Line Answer for Interview
"REST: modern JSON sync. SOAP: XML legacy. Bulk 2.0: millions async. Streaming: real-time push without polling. Use REST for new integrations unless forced otherwise."
Question 07 · ⚡ Intermediate
When should you use Real-time Integration vs Batch Integration?
✅ Answer
Real-time: user waits for immediate response — credit checks, payment processing, order confirmation. Batch: high-volume, lag tolerable — nightly product sync, data migration, monthly reports. Default to async unless user genuinely needs immediate response.
📋 Real-time vs Batch Decision Guide
| Factor | Real-time | Batch |
|---|---|---|
| User experience | User waits for result | User doesn't wait |
| Volume | Low (one record at a time) | High (thousands to millions) |
| Latency tolerance | Seconds | Minutes to hours |
| External system | Must be always available | Retry on failure OK |
| Examples | Credit check, payment, stock check | Nightly ERP sync, data migration |
🎤 One-Line Answer for Interview
"Real-time: user waits, immediate response needed, external system must be up. Batch: high volume, lag tolerable, resilient to downtime. Default to batch/async unless user genuinely needs immediate result."
Question 08 · ⚡ Intermediate
What are the best practices for Salesforce Integration?
✅ Answer
Key best practices: Named Credentials (no hardcoded secrets), async processing for callouts, idempotency via External IDs, error logging with retry, bulkification, circuit breaker pattern, dedicated Integration User, API limit monitoring, and thorough testing including failure scenarios.
- ✅Named Credentials — never hardcode endpoints or tokens in Apex
- ✅External IDs on all objects — idempotent upserts, safe retries
- ✅Async processing — @future/Queueable for trigger callouts
- ✅Error logging — Integration_Error__c + dashboard + alerts
- ✅Integration User — dedicated, least-privilege, not personal credentials
- ✅Test failure scenarios — 500, 401, timeout, malformed JSON
- ❌Never log sensitive data (PII, card numbers, passwords) in error objects
🎤 One-Line Answer for Interview
"Named Credentials + External IDs + async processing + error logging + Integration User + circuit breaker + test failures. Miss any one of these and go-live becomes a war room."
Question 09 · 🔴 Advanced
What are all the different Salesforce APIs and when do you use each?
✅ Answer
Six main APIs: REST (JSON, modern, recommended), SOAP (XML, legacy), Bulk API 2.0 (millions async, 150M/day), Streaming (CometD real-time push), Metadata (deploy config/code), Tooling (developer tools). Choose based on volume, latency, and direction.
| API | Format | Use Case | Limit |
|---|---|---|---|
| REST API | JSON/XML | Real-time CRUD | ~1M/day |
| SOAP API | XML/WSDL | Legacy enterprise | Lower |
| Bulk API 2.0 | CSV async | Millions of records | 150M/day |
| Streaming API | CometD | Real-time push | 250K events/day |
| Metadata API | XML files | Deploy code/config | CI/CD |
| Tooling API | JSON/XML | Dev tools, Apex exec | Dev use |
🌍 Real World Example (XYZ Company)
REST for real-time credit check. Bulk API for 500K product sync overnight. Streaming for live order status to warehouse. Metadata for CI/CD deployments. Each API for its designed purpose.
🎤 One-Line Answer for Interview
"REST (modern real-time), SOAP (legacy), Bulk 2.0 (millions async), Streaming (real-time push), Metadata (deploy), Tooling (dev tools). Choose based on volume, latency, and direction."
Question 10 · 🔴 Advanced
What is a Named Credential and why must you always use it?
✅ Answer
Named Credentials store external endpoint URLs and auth details encrypted in Salesforce. Apex uses
callout:CredentialName. Auto-refreshes OAuth tokens. No Remote Site Settings needed. Credentials never in code or version control.// BAD - credentials in code (GitHub = security breach!)
req.setEndpoint('https://api.erp.com/orders');
req.setHeader('Authorization', 'Bearer sk_live_hardcoded_123');
// GOOD - Named Credential
req.setEndpoint('callout:XYZ_ERP/orders');
// Endpoint encrypted. Token auto-refreshes. Zero code changes needed.
🔑 Key Points
- 🔥Code review rejects ANY callout with credentials hardcoded in Apex
- 💡Auto-refreshes OAuth tokens — no token expiry handling needed
- 💡Bypasses Remote Site Settings automatically
- 💡External Credentials (newer): supports multiple auth principals
🎤 One-Line Answer for Interview
"Named Credentials: encrypted endpoint + auth, callout:Name in Apex, auto-refreshes OAuth. Mandatory on every integration — credentials in code is a critical security vulnerability."
Question 11 · 🔴 Advanced
Why can't you make HTTP callouts directly from Apex triggers?
✅ Answer
Triggers execute within an open DML transaction. Salesforce throws "Callout not allowed after uncommitted work" if HTTP callout attempted while DML pending. Use @future(callout=true) or Queueable with Database.AllowsCallouts — both run in separate async transactions after DML commits.
// WRONG - direct callout in trigger
trigger OrderTrigger on Order__c (after insert) {
ERPService.createOrder(Trigger.new[0].Id); // ERROR: uncommitted work!
}
// CORRECT - delegate to async
trigger OrderTrigger on Order__c (after insert) {
Set<Id> ids = new Map<Id, Order__c>(Trigger.new).keySet();
ERPService.createOrderAsync(ids); // @future(callout=true) - runs after commit
}
🎤 One-Line Answer for Interview
"Open DML transaction blocks callouts. Use @future(callout=true) or Queueable with AllowsCallouts — both run in separate transactions after DML commits with fresh governor limits."
Question 12 · 🔴 Advanced
What is an External ID and why is it critical for Salesforce integrations?
✅ Answer
External ID: custom field storing the source system's unique key, auto-indexed, enables upsert without knowing Salesforce IDs. Makes integrations idempotent — same record sent 100 times = 1 record updated, zero duplicates.
| Without External ID | With External ID |
|---|---|
| Must query SF to find record ID first | Upsert directly by source key |
| Retry creates duplicate records | Retry = same result, no duplicates |
| 2 API calls (query + update) | 1 API call (upsert) |
🌍 Real World Example (XYZ Company)
SAP customer CUST-12345 mapped via SAP_Customer_No__c External ID. ERP retries 3 times on network failure — result: 1 Account updated, zero duplicates. Without External ID: 3 inserts = 3 duplicate Accounts in Salesforce.
🎤 One-Line Answer for Interview
"External ID stores source system key, auto-indexed, enables upsert without Salesforce ID. Mandatory on every integration object — makes integrations idempotent, retry 100 times = same result."
Question 13 · 🔴 Advanced
What are the different OAuth flows in Salesforce? Which is recommended?
✅ Answer
Five flows: JWT Bearer (server-to-server, recommended — no user, certificate trust), Web Server (browser login), User-Agent (SPA), Username-Password (avoid production — sends credentials in request), Device (IoT/CLI).
| Flow | Use Case | Recommended? |
|---|---|---|
| JWT Bearer | Server-to-server, automated jobs | ✅ Yes |
| Web Server | User-facing browser apps | ✅ Yes |
| User-Agent | JavaScript SPA | ⚡ Sometimes |
| Username-Password | Internal tools only | ❌ Avoid production |
| Device Flow | IoT, CLI without browser | ✅ Specific use |
🎤 One-Line Answer for Interview
"JWT Bearer for server-to-server (recommended — certificate trust, no user, no password in request). Web Server for browser login. Username-Password: avoid production."
Question 14 · 🔴 Advanced
What is a Connected App in Salesforce?
✅ Answer
Connected App registers an external application in Salesforce for OAuth — defines scopes (what data accessible), callback URL, IP restrictions, Consumer Key/Secret. Required for all OAuth integrations. Controls: who authenticates, what they access, from where.
🔑 Key Settings
- 💡OAuth Scopes: always minimum required — Full Access only if truly needed
- 💡IP Relaxation: relax for server-to-server JWT Bearer flows
- 🔥One Connected App per integration — separate for ERP, portal, CI/CD
- 💡Consumer Key + Secret: treat like password, never commit to Git
🎤 One-Line Answer for Interview
"Connected App registers external apps for OAuth — Consumer Key/Secret, scopes, IP restrictions. Required for all OAuth integrations. Separate Connected App per integration for independent control."
Question 15 · 🔴 Advanced
What is the Composite API in Salesforce?
✅ Answer
Composite API bundles up to 25 REST subrequests in one HTTP call with referenceId chaining — output of step 1 is input for step 2. allOrNone=true makes it transactional. Reduces API quota by up to 25x and eliminates partial failure risk.
POST /services/data/v62.0/composite
{
"allOrNone": true,
"compositeRequest": [
{"method":"POST","referenceId":"NewAccount",
"url":"/services/data/v62.0/sobjects/Account",
"body":{"Name":"XYZ Pharma Ltd"}},
{"method":"POST","referenceId":"NewContact",
"url":"/services/data/v62.0/sobjects/Contact",
"body":{"LastName":"Gandhi","AccountId":"@{NewAccount.id}"}}
]
}
// 1 HTTP call creates Account + Contact with correct relationship!
🎤 One-Line Answer for Interview
"Composite: 25 subrequests in 1 HTTP call with @{referenceId} chaining. allOrNone=true for atomic transactions. Reduces API quota 25x and eliminates partial failure risk on related record creation."
Question 16 · 🔴 Advanced
What is a Platform Event in Salesforce and how does it work?
✅ Answer
Platform Events implement publish-subscribe messaging. EventBus.publish() fires events. Apex triggers, Flows, and external systems via CometD subscribe independently. Fully decoupled — publisher doesn't know about subscribers. 72-hour event replay for zero data loss.
// Publish Platform Event
Order_Placed__e event = new Order_Placed__e(Order_Id__c=order.Id, Amount__c=order.Amount__c);
EventBus.publish(event);
// Subscribe in Apex trigger
trigger OnOrderPlaced on Order_Placed__e (after insert) {
for(Order_Placed__e e : Trigger.new) {
FulfillmentService.process(e.Order_Id__c);
}
}
// MuleSoft ALSO subscribes via CometD simultaneously - publisher knows nothing!
🔑 Key Points
- 💡Event objects: __e suffix — Order_Placed__e, Deal_Won__e
- 💡72-hour replay — external downtime = zero data loss
- 💡250K event deliveries/day (standard events)
- 💡Can publish from Flow — no Apex code needed
🎤 One-Line Answer for Interview
"Platform Events: EventBus.publish() fires __e events, multiple subscribers react independently, async, 72-hour replay. Foundation of modern decoupled Salesforce integrations."
Question 17 · 🔴 Advanced
What is Change Data Capture (CDC) and how is it different from Platform Events?
✅ Answer
CDC automatically publishes change events for every CUD on enabled objects — no code needed. Includes changedFields header. Platform Events: custom business events published manually. CDC = automated record change notifications. Platform Events = custom business triggers.
| Feature | CDC | Platform Events |
|---|---|---|
| Who publishes? | Salesforce automatically | Developer via code/Flow |
| Fires when? | Every CUD on enabled object | When explicitly published |
| Code needed? | Zero (enable in Setup) | EventBus.publish() required |
| Use case | Data synchronization | Business process triggers |
🌍 Real World Example (XYZ Company)
CDC on Account: MDM system syncs instantly on every change — zero API polling, 99% fewer API calls. Platform Event Order_Approved__e: fires only when approval completes → ERP starts fulfillment. Use CDC for data sync, Platform Events for business process triggers.
🎤 One-Line Answer for Interview
"CDC: auto-published on every record change, changedFields header, zero code. Platform Events: custom manually-published business events. CDC for data sync; Platform Events for business process integration."
Question 18 · 🔴 Advanced
What is Event Replay in Platform Events?
✅ Answer
Event Replay allows subscribers to receive missed events using ReplayId — each event has unique ID. ReplayId=-1: all retained events (up to 72 hours). ReplayId=-2: only new events. External system down for 6 hours → reconnect with last ReplayId → receive all missed events.
🌍 Real World Example (XYZ Company)
ERP down 2-6 AM maintenance. 847 Platform Events fired during downtime. ERP reconnects at 6 AM with last processed ReplayId. All 847 events delivered in order. Zero data loss. Without replay: 847 events permanently missed. Platform Events beat REST polling every time.
🎤 One-Line Answer for Interview
"Event Replay: reconnect with last ReplayId to receive all missed events up to 72 hours. ReplayId=-1 for all retained, -2 for new only. Guarantees zero data loss from external system downtime."
Question 19 · 🔴 Advanced
What is MuleSoft API-led Connectivity?
✅ Answer
Three-tier architecture: System APIs (expose raw data per source — SAP, Oracle), Process APIs (business logic + orchestration), Experience APIs (consumer-tailored — Salesforce, mobile). Change one layer without affecting others. Reusability = ROI.
| Layer | Purpose | Example |
|---|---|---|
| System APIs | Expose raw source data | SAP-Products, Oracle-Finance |
| Process APIs | Business logic + orchestration | Order-to-Cash API |
| Experience APIs | Tailored for consumer | Salesforce-Experience API |
🌍 Real World Example (XYZ Company)
SAP upgraded to S/4HANA. Only SAP System API updated. Salesforce, Oracle, and Mobile app untouched. Without MuleSoft API-led: update all 4 systems. Saved 3 months of development. Reuse = ROI.
🎤 One-Line Answer for Interview
"API-led: System (raw data) → Process (logic) → Experience (consumer-tailored). Change one layer without affecting others. MuleSoft implements via Anypoint Platform — reusability and decoupling are the key benefits."
Question 20 · 🔴 Advanced
What is the Bulk API 2.0 and how do you use it?
✅ Answer
Bulk API 2.0 processes millions of records asynchronously via CSV jobs — create job, upload CSV, poll for completion, download success/failure. 150M records/day separate limit. Data Loader uses it internally. Not for real-time operations.
// Step 1: Create Job
POST /services/data/v62.0/jobs/ingest
{"operation":"upsert","object":"Account","externalIdFieldName":"SAP_Customer_No__c"}
// Response: {"id":"7508000000M7wBQ"}
// Step 2: Upload CSV
PUT /services/data/v62.0/jobs/ingest/{jobId}/batches
Name,Industry,SAP_Customer_No__c
"XYZ Pharma","Healthcare","CUST-001"
// Step 3: Close job
PATCH /services/data/v62.0/jobs/ingest/{jobId} {"state":"UploadComplete"}
// Step 4: Poll until done
GET /services/data/v62.0/jobs/ingest/{jobId}
// Step 5: Download results (success + failed CSVs)
🎤 One-Line Answer for Interview
"Bulk API 2.0: async CSV jobs, 150M/day separate limit. Create job → upload → poll → download results. Data migrations and batch syncs — never real-time. Data Loader uses it internally."
Question 21 · 🔴 Advanced
How do you implement retry logic for failed callouts in Apex?
✅ Answer
Use Queueable with attempt counter — catch 5xx/exception → re-enqueue with count+1. After MAX_ATTEMPTS: log to Integration_Error__c + alert admin. Never retry 4xx errors (bad request — won't succeed on retry).
public class RetryCallout implements Queueable, Database.AllowsCallouts {
private Id recordId; private Integer attempts;
private static final Integer MAX = 3;
public RetryCallout(Id id, Integer attempts){this.recordId=id;this.attempts=attempts;}
public void execute(QueueableContext ctx) {
try {
HttpResponse res = makeCallout(recordId);
if(res.getStatusCode() >= 500 && attempts < MAX)
System.enqueueJob(new RetryCallout(recordId, attempts+1)); // Retry!
else if(res.getStatusCode() != 200)
logError(recordId, res.getStatus()); // Don't retry 4xx
} catch(Exception e) {
if(attempts < MAX) System.enqueueJob(new RetryCallout(recordId, attempts+1));
else logError(recordId, e.getMessage()); // Max reached
}
}
}
🎤 One-Line Answer for Interview
"Retry via Queueable with attempt counter — catch 5xx/exception, re-enqueue count+1, log after MAX. Never retry 4xx — bad requests won't succeed on retry."
Question 22 · 🔴 Advanced
What are Apex callout limits?
✅ Answer
Per transaction: 100 callouts max, 10 MB per response, 12 MB total, 120 seconds total time. Individual timeout: 10 seconds default — always set higher. Async (@future, Queueable, Batch): 100 callouts per execution with fresh limits.
| Limit | Value | Best Practice |
|---|---|---|
| Max callouts/transaction | 100 | Process in batches if >100 records |
| Response size per callout | 10 MB | Paginate external API responses |
| Total callout time | 120 seconds | Set explicit timeout per callout |
| Individual timeout default | 10 seconds | Always req.setTimeout(30000) |
🎤 One-Line Answer for Interview
"100 callouts/transaction, 10 MB/response, 120 seconds total. Always set timeout explicitly — default 10 seconds too short for enterprise APIs."
Question 23 · 🔴 Advanced
What is Salesforce Connect (External Objects)?
✅ Answer
Salesforce Connect creates External Objects (__x) that query external systems live via OData/custom adapters — data never imported. Supports SOQL, reports, related lists on live external data. No storage cost. Best for large frequently-changing data that can't be copied.
🔑 When to Use
- ✅Large external datasets impossible to import (SAP 50M records)
- ✅Data that changes frequently and must always be real-time
- ✅Data legally cannot be copied (regulatory constraints)
- ❌Not for data requiring complex Salesforce triggers/Flows
🎤 One-Line Answer for Interview
"Salesforce Connect: live query external data via External Objects (__x) without importing — SOQL-queryable, no storage cost. For large/changing/legally-restricted data that can't be copied."
Question 24 · 🔴 Advanced
What is @RestResource and how do you build a custom REST endpoint in Salesforce?
✅ Answer
@RestResource exposes an Apex class as a custom REST endpoint at /services/apexrest/. Use @HttpGet, @HttpPost, @HttpPut, @HttpDelete. Access via RestContext. Always use with sharing and WITH SECURITY_ENFORCED.
@RestResource(urlMapping='/orders/*')
global with sharing class OrderAPI {
@HttpGet
global static Map<String,Object> getOrder() {
String id = RestContext.request.requestURI.substringAfterLast('/');
Order__c o = [SELECT Id, Name, Amount__c FROM Order__c WHERE Id=:id WITH SECURITY_ENFORCED];
return new Map<String,Object>{'id'=>o.Id,'name'=>o.Name,'amount'=>o.Amount__c};
}
@HttpPost
global static String createOrder() {
Map<String,Object> body = (Map<String,Object>)JSON.deserializeUntyped(
RestContext.request.requestBody.toString());
Order__c o = new Order__c(Name=(String)body.get('name'));
insert o; RestContext.response.statusCode=201; return o.Id;
}
}
// External: GET https://xyz.my.salesforce.com/services/apexrest/orders/{id}
🎤 One-Line Answer for Interview
"@RestResource(urlMapping='/path/*') exposes custom REST at /services/apexrest/. @HttpGet/@HttpPost methods, RestContext for request/response. Always with sharing + WITH SECURITY_ENFORCED."
Question 25 · 🔴 Advanced
How do you mock HTTP callouts in Apex test classes?
✅ Answer
Test.setMock(HttpCalloutMock.class, new MockClass()) intercepts all HTTP callouts in tests returning predefined responses. Always test both success (200/201) AND failure (500, 401, timeout) scenarios.
@isTest
public class ERPMock implements HttpCalloutMock {
public HTTPResponse respond(HTTPRequest req) {
HTTPResponse res = new HTTPResponse();
res.setStatusCode(201);
res.setBody('{"erp_order_id": "ERP-12345"}');
return res;
}
}
@isTest static void testCallout() {
Test.setMock(HttpCalloutMock.class, new ERPMock());
Order__c o = TestDataFactory.createOrder(); insert o;
Test.startTest(); ERPService.createOrder(o.Id); Test.stopTest();
System.assertEquals('ERP-12345',[SELECT ERP_Order_ID__c FROM Order__c].ERP_Order_ID__c);
}
🎤 One-Line Answer for Interview
"Test.setMock(HttpCalloutMock.class, new MockClass()) intercepts callouts. Test.stopTest() forces async completion. Always test success AND failure — 200, 500, 401, bad JSON."
Question 26 · 🔴 Advanced
What is Idempotency in Salesforce Integration?
✅ Answer
Idempotency: same request processed multiple times = same result. No duplicates, no errors on retry. Critical because network failures cause automatic retries. Implement via External ID upsert, Idempotency-Key headers, and status tracking.
| Strategy | How | When |
|---|---|---|
| External ID Upsert | Same record updated, not duplicated | All inbound data loads |
| Idempotency-Key Header | UUID per operation — external ignores duplicates | Outbound REST API calls |
| Status Tracking | Check if processed before acting | Multi-step processes |
| Event ReplayId | Don't reprocess same event twice | Platform Event subscribers |
🎤 One-Line Answer for Interview
"Idempotency: same request 100 times = same result. External ID upsert + Idempotency-Key header + status tracking. Design ALL integrations idempotent from day 1 — retries are inevitable."
Question 27 · 🔴 Advanced
What are Salesforce API limits and how do you manage them?
✅ Answer
API limits: 24-hour rolling window per org (Enterprise: higher of 1,000 × users or 1M). Monitor: /limits endpoint, System Overview. Replace polling with CDC — biggest single reduction available. Batch via sObject Collections (200 records/call).
🌍 Real World Example (XYZ Company)
ERP polling every 5 min × 10 objects = 2,880 wasted API calls/day just for change detection. After enabling CDC on all 10 objects: 0 API calls for detection. API usage dropped 90%. Never hit limits again.
🎤 One-Line Answer for Interview
"24-hour rolling limit — monitor via /limits endpoint. Replace polling with CDC (0 API calls vs 288/day per endpoint), batch via sObject Collections. Target under 80% daily."
Question 28 · 🔴 Advanced
What is an Integration User and why is it important?
✅ Answer
Integration User: dedicated Salesforce account used exclusively for API integrations — not tied to any real person. Benefits: dedicated audit trail, least-privilege access, independent lifecycle from employees, easy to deactivate independently.
🔑 Best Practices
- 🔥NEVER use personal credentials — employee leaves → integration breaks
- 💡Minimum permissions: API Enabled + specific objects only — NO View All Data
- 💡One Integration User per integration for different access levels
- 💡Integration license type — cheaper than full Salesforce license
🎤 One-Line Answer for Interview
"Integration User: dedicated API account, least privilege, independent lifecycle. Personal credentials for integration = availability and security risk. Dedicated user gives clean audit trail."
Question 29 · 🔴 Advanced
What is the circuit breaker pattern in Salesforce integrations?
✅ Answer
Circuit breaker stops calling a failed external system instead of queuing thousands of retries. States: Closed (normal), Open (system down — fail fast), Half-Open (test recovery). Implement via Custom Metadata tracking state and failure timestamps.
Integration_Config__mdt cfg = [SELECT Circuit_State__c, Last_Failure__c
FROM Integration_Config__mdt WHERE Label='ERP'];
if(cfg.Circuit_State__c == 'OPEN') {
if(cfg.Last_Failure__c > DateTime.now().addMinutes(-30)) {
throw new IntegrationException('Circuit OPEN — ERP unavailable');
}
// Half-open after 30 min: allow one test call
}
🎤 One-Line Answer for Interview
"Circuit breaker: Custom Metadata Open/Closed/Half-Open state. Open = fail fast without timeout. Prevents 1000 queued failures when ERP goes down for maintenance."
Question 30 · 🔴 Advanced
What is DataWeave in MuleSoft?
✅ Answer
DataWeave is MuleSoft's data transformation language — converts between any formats (JSON, XML, CSV, Java) with functional programming. Handles conditional logic, array operations, type coercions. More powerful than any field-mapping tool.
// Transform SAP XML to Salesforce JSON
%dw 2.0
output application/json
---
{
Name: payload.BAPI_CUSTOMER.CUSTOMER_NAME,
Industry: payload.BAPI_CUSTOMER.INDUSTRY_CODE match {
case "A01" -> "Manufacturing"
case "A02" -> "Healthcare"
else -> "Other"
},
SAP_Customer_No__c: payload.BAPI_CUSTOMER.KUNNR // External ID!
}
🎤 One-Line Answer for Interview
"DataWeave: MuleSoft's functional transformation between any format — SAP XML to Salesforce JSON with conditional mapping. More powerful than any field-mapping tool for enterprise transformation."
Question 31 · 🔴 Advanced
What is the difference between point-to-point and hub-and-spoke integration?
✅ Answer
Point-to-point: each system connects directly — N systems = N×(N-1)/2 connections. Exponentially complex as systems grow. Hub-and-spoke (MuleSoft): all connect to central hub — N systems = N connections. Central monitoring, transformation, error handling.
| Aspect | Point-to-Point | Hub-and-Spoke |
|---|---|---|
| Connections (5 systems) | 10 direct connections | 5 connections total |
| New system added | Add connections to ALL others | Add 1 connection to hub |
| Monitoring | Each system separately | Central (Anypoint) |
| Best for | 2-3 systems, simple | 3+ systems, enterprise |
🎤 One-Line Answer for Interview
"Point-to-point: O(N²) connections, simple but unscalable. Hub-and-spoke (MuleSoft): O(N) connections, central monitoring. Always hub-and-spoke for 3+ systems."
Question 32 · 🔴 Advanced
What is Remote Site Settings in Salesforce?
✅ Answer
Remote Site Settings whitelist external URLs for Apex callouts — Salesforce blocks all outbound callouts by default. Required for direct endpoint URLs. NOT required when using Named Credentials (they bypass RSS automatically).
🔑 Key Points
- 💡Named Credentials bypass RSS automatically
- 💡Each unique domain needs its own entry
- 🔥Missing RSS = "Unauthorized endpoint" exception at runtime — common gotcha
- 💡Setup → Security → Remote Site Settings → New
🎤 One-Line Answer for Interview
"RSS whitelist external domains for Apex callouts. Not needed with Named Credentials. Missing RSS = 'Unauthorized endpoint' at runtime — common deployment gotcha."
Question 33 · 🔴 Advanced
What is an Outbound Message in Salesforce?
✅ Answer
Outbound Messages send SOAP XML notifications triggered by Workflow/Approval — declarative (no Apex), guaranteed delivery with retry every 2 hours for 24 hours. External system must acknowledge with 200. Use only for legacy SOAP systems — Platform Events are better for new integrations.
🎤 One-Line Answer for Interview
"Outbound Messages: SOAP XML, guaranteed delivery, auto-retry, declarative. Legacy SOAP systems only. Platform Events better for all new integrations — any protocol, more flexible."
Question 34 · 🔴 Advanced
What is the data migration strategy for Salesforce?
✅ Answer
8 steps: 1) Profile (volume, quality, duplicates). 2) Map (source → SF fields). 3) Cleanse (deduplicate). 4) External IDs on target objects. 5) ETL transform. 6) Trial sandbox load. 7) UAT validation. 8) Production cutover (weekend, parallel run, rollback plan).
🌍 Real World Example (XYZ Company)
Siebel → Salesforce: 3M Accounts, 40% duplicates found. Deduplicated to 1.8M. External ID: Siebel_Account_ID__c on all objects. Trial: 100K sandbox → 98% pass rate. Production: Friday 10 PM to Monday 6 AM. Parallel run 2 weeks. Zero rollback needed.
🎤 One-Line Answer for Interview
"Profile → Clean → Map → External IDs → Trial sandbox → UAT → Production cutover → parallel run. External IDs make migration idempotent — safe to re-run without creating duplicates."
Question 35 · 🔴 Advanced
What are the different data loading tools in Salesforce?
✅ Answer
Data Import Wizard: browser, max 50K, no delete. Data Loader: desktop/CLI, millions, all objects, all DML, Bulk API 2.0 internally. Workbench: dev ad-hoc loads. MuleSoft/ETL: complex transforms + scheduling. Always use Upsert, never Insert for migrations.
🎤 One-Line Answer for Interview
"Import Wizard: 50K browser. Data Loader: millions, all DML, Bulk API. Always Upsert with External ID — Insert creates duplicates on retry. Data Loader standard for serious migration work."
Question 36 · 🔴 Advanced
How do you handle OAuth token expiry in Salesforce integrations?
✅ Answer
Access tokens expire (typically 2 hours). Best: Named Credentials auto-refresh — zero code. Manual: catch 401 → POST refresh_token → retry. JWT Bearer: generates fresh token per session — no refresh needed. Named Credentials handles everything automatically.
🎤 One-Line Answer for Interview
"Named Credentials auto-refresh OAuth tokens — zero code. Manual: 401 → POST refresh token → retry. JWT Bearer: fresh token per session, no refresh. Always Named Credentials."
Question 37 · 🔴 Advanced
How do you handle relationships during data migration in Salesforce?
✅ Answer
Load parent objects first, then children. Use External ID relationship columns in CSV — Contact.Account referenced by Account's External ID, not Salesforce Id. No Salesforce IDs needed in migration files.
// Contact CSV using External ID relationship
FirstName,LastName,Account:SAP_Customer_No__c
John,Smith,CUST-12345
Jane,Doe,CUST-67890
// Data Loader resolves Account by SAP_Customer_No__c automatically!
// Load order: Accounts → Contacts → Opportunities → Quote Lines
🎤 One-Line Answer for Interview
"Parent first, then children. External ID relationship columns in CSV — Account:SAP_No__c resolves parent without Salesforce Id. Load order: Accounts → Contacts → Opportunities."
Question 38 · 🔴 Advanced
What is the sObject Collections API?
✅ Answer
sObject Collections API performs DML on up to 200 records in a single REST call — Insert, Update, Upsert, Delete. Returns per-record success/failure. allOrNone controls partial success. 200x more API-efficient than looping individual REST calls.
POST /services/data/v62.0/composite/sobjects
{"allOrNone":false,"records":[
{"attributes":{"type":"Account"},"Name":"Company A","SAP_Customer_No__c":"C001"},
{"attributes":{"type":"Account"},"Name":"Company B","SAP_Customer_No__c":"C002"}
]}
// Creates 2 Accounts in 1 API call instead of 2
// Response: [{id, success, errors}] per record
🎤 One-Line Answer for Interview
"sObject Collections: DML on 200 records in 1 REST call with per-record results. 200x more API-efficient. allOrNone=false allows partial success — use for integration bulk operations."
Question 39 · 🔴 Advanced
What is the Metadata API and how does it differ from the Data API?
✅ Answer
Metadata API: deploys/retrieves org configuration — Apex, LWC, custom objects, profiles, flows. Works with XML metadata files. Used by SFDX, Change Sets, CI/CD. Data API (REST/SOAP/Bulk): reads/writes business records. Metadata = configuration. Data = records.
🎤 One-Line Answer for Interview
"Metadata API deploys configuration (code, objects, flows). Data API reads/writes business records. Metadata = org setup, Data = org data — completely different tools for different purposes."
Question 40 · 🔴 Advanced — SCENARIO
SCENARIO: Salesforce integration with ERP fails intermittently. How do you debug?
✅ Answer
Debug systematically: 1) Check Integration_Error__c for patterns (time? specific records?). 2) HTTP status: 401=auth, 503=ERP down, 429=rate limited, 500=ERP bug. 3) Check API limits via /limits endpoint. 4) Named Credential token expiry. 5) Manual Postman test to isolate.
🌍 Real World Example (XYZ Company)
503 errors always 2-3 PM daily. Pattern: ERP batch job runs at 2 PM causing high load. Fix: shifted Salesforce callouts to 4 PM. Zero failures for 6 months. Always look at patterns first — intermittent = scheduling conflict or capacity issue.
🎤 One-Line Answer for Interview
"Error log patterns → HTTP status diagnosis (401/503/429/500 = different root causes) → manual Postman test → API limits check. Pattern analysis reveals scheduling conflicts."
Question 41 · 🔴 Advanced — SCENARIO
SCENARIO: Sync 5 million records from legacy system to Salesforce. Design the approach.
✅ Answer
Design: External IDs on all targets → MuleSoft reads legacy in 10K batches → DataWeave transforms → Salesforce Bulk API 2.0 upsert → parallel jobs parent/child in order → error file for retry → schedule 2 AM off-hours. 5M records ≈ 1 hour with Bulk API 2.0.
🎤 One-Line Answer for Interview
"MuleSoft 10K batches → DataWeave → Bulk API 2.0 upsert by External ID. Off-hours scheduling, error retry file. 5M records ≈ 1 hour. External IDs make it safe to re-run on failure."
Question 42 · 🔴 Advanced — SCENARIO
SCENARIO: External system needs real-time notification when Opportunity is Closed Won.
✅ Answer
Design: Record-Triggered Flow (After Save, condition: Stage changed to Closed Won) → publishes Deal_Won__e Platform Event → external system subscribes via CometD. Async, decoupled, 72-hour replay if external system is down.
🎤 One-Line Answer for Interview
"Flow detects Closed Won → Deal_Won__e Platform Event → external subscribes via CometD. Async, decoupled, 72-hour replay. Platform Events preferred over callout — downtime doesn't block Salesforce."
Question 43 · 🔴 Advanced — SCENARIO
SCENARIO: How do you integrate Salesforce with a payment gateway?
✅ Answer
PCI compliance: NEVER store raw card data in Salesforce. Architecture: LWC form uses gateway JS SDK (Stripe.js) to tokenize in browser → token to Apex → Apex calls gateway via Named Credential → stores result + token reference. Webhook updates status via Platform Event.
🌍 Real World Example (XYZ Company)
Stripe.js tokenizes card in browser → token to Apex → Stripe API called → payment_method_id stored. Stripe webhook → Platform Event → Flow updates Payment Status. Salesforce never sees card number. PCI DSS compliant. Zero violations in 2 years.
🎤 One-Line Answer for Interview
"Never store card data in Salesforce (PCI!). Tokenize in browser → Apex passes token to gateway → store result only. Salesforce only ever sees tokens, never raw card data."
Question 44 · 🔴 Advanced — SCENARIO
SCENARIO: API limits hit at 2 PM daily. How do you fix it?
✅ Answer
Fix: Replace polling with CDC (90% reduction — 0 calls vs 288/day per endpoint), batch via sObject Collections (1 call per 200 records), reschedule non-urgent syncs to 2 AM, circuit breaker at 80% limit. Monitor via /limits endpoint.
🎤 One-Line Answer for Interview
"Replace polling with CDC (zero API calls), batch via sObject Collections, reschedule to off-peak, circuit breaker at 80%. CDC eliminates most wasted calls — polling every 5 min × 10 endpoints = 2,880 wasted calls/day."
Question 45 · 🔴 Advanced — SCENARIO
SCENARIO: Design an integration that survives external system downtime.
✅ Answer
Resilience design: Platform Events (72-hour replay), retry queue (Integration_Error__c + Queueable), circuit breaker (stop when down), graceful degradation (cached data), idempotency (safe replay), monitoring alerts. Design for failure — external systems WILL go down.
🎤 One-Line Answer for Interview
"Platform Events (72h replay) + retry queue + circuit breaker + graceful degradation + idempotency. Assume external systems WILL go down — design for resilience from day 1."
Question 46 · 🔴 Advanced
What is SOQL Injection and how do you prevent it in integration scenarios?
✅ Answer
SOQL injection: external data concatenated into dynamic SOQL allows attackers to modify query logic. Prevention: bind variables (:variable) — injection-proof. String.escapeSingleQuotes() for unavoidable concatenation. Never trust external API response data directly in SOQL.
// VULNERABLE
String q = 'SELECT Id FROM Account WHERE Name = \'' + externalData + '\'';
// Attacker: ' OR Name != '' → exposes ALL accounts!
// SAFE - bind variable (injection-proof)
String name = externalData;
List<Account> accs = [SELECT Id FROM Account WHERE Name = :name];
🎤 One-Line Answer for Interview
"Bind variables (:var) are injection-proof. escapeSingleQuotes() for unavoidable concatenation. Never trust external API data as safe for direct SOQL — sanitize everything."
Question 47 · 🔴 Advanced
What is the difference between REST API and Connect REST API?
✅ Answer
REST API: standard CRUD on Salesforce data (accounts, contacts, custom objects). Connect REST API (Chatter API): specialized for Salesforce features — Chatter feeds, communities, files, recommendations, Experience Cloud. Use standard REST for data, Connect for feature integrations.
🎤 One-Line Answer for Interview
"REST: data CRUD. Connect REST: Chatter, Experience Cloud, files, recommendations — UI feature layer. Standard REST for data operations, Connect for Salesforce-specific feature integrations."
Question 48 · 🔴 Advanced
What is the Streaming API in Salesforce?
✅ Answer
Streaming API uses CometD long-polling to push server-side notifications to external clients without polling. Channels: PushTopic (SOQL-based, legacy), Generic Streaming (lightweight), Platform Event Streaming (modern, recommended). 72-hour event replay. Subscribe once, receive in real-time.
🎤 One-Line Answer for Interview
"Streaming API: server-push via CometD without polling. Platform Events is the modern channel with 72-hour replay. Subscribe once, receive events as they happen — eliminates polling API calls."
Question 49 · 🔴 Advanced
What is API versioning in Salesforce and why should you pin it?
✅ Answer
Salesforce releases 3 API versions/year. Always pin to specific version (v62.0) — never use /latest. Auto-following latest causes unexpected breaking changes. Upgrade deliberately after testing. Each version supported 3+ years.
🎤 One-Line Answer for Interview
"Always pin API version explicitly (/v62.0/) — never auto-follow latest. Breaking changes in new versions cause unexpected failures. Upgrade deliberately after regression testing."
Question 50 · 🔴 Advanced
How do you disable triggers during data migration?
✅ Answer
Use Custom Metadata kill switch in every trigger — no deployment to toggle. Disable email deliverability in sandbox. Disable workflow rules. Load off-hours. Re-enable after validation.
trigger ContactTrigger on Contact (before insert, after insert) {
Migration_Config__mdt cfg = [SELECT Is_Active__c FROM Migration_Config__mdt WHERE Label='ContactTrigger'];
if(!cfg.Is_Active__c) return; // Skip all logic during migration!
new ContactTriggerHandler().run();
}
// Migration: set Is_Active__c = false in Custom Metadata (no deployment!)
// After validation: set Is_Active__c = true — instant toggle
🎤 One-Line Answer for Interview
"Custom Metadata kill switch in every trigger — instant toggle without deployment. Also disable email deliverability and workflow rules. Never deploy code to disable during migration."
Question 51 · 🔴 Advanced
What is the Tooling API in Salesforce?
✅ Answer
Tooling API provides developer features: execute Apex anonymously, query ApexClass/ApexTrigger metadata, run tests programmatically, access debug logs, check code coverage. Powers VS Code extension and CI/CD pipelines. Not for business data.
🎤 One-Line Answer for Interview
"Tooling API: execute anonymous Apex, query code metadata, run tests, debug logs. Powers VS Code Salesforce extension and CI/CD. Not for business data — use REST/SOAP/Bulk for that."
Question 52 · 🔴 Advanced
How do you design bidirectional sync between Salesforce and ERP?
✅ Answer
SF→ERP: CDC on key objects → MuleSoft CometD subscriber → DataWeave → ERP API upsert. ERP→SF: ERP webhook → MuleSoft → Salesforce REST upsert by External ID. Conflict: timestamp last-write-wins or source tracking field. External IDs for idempotency on both sides.
🌍 Real World Example (XYZ Company)
CDC on Account/Order → MuleSoft → SAP. SAP webhook → MuleSoft → SF upsert by SAP_No__c. Conflict: SF wins for customer data, SAP wins for order status. Source_System__c tracks origin. Zero duplicates in 18 months.
🎤 One-Line Answer for Interview
"CDC → MuleSoft → ERP. ERP webhook → MuleSoft → SF upsert by External ID. Timestamp for conflict resolution. MuleSoft keeps both decoupled — change one side without breaking the other."
Question 53 · 🔴 Advanced
What is Salesforce-to-Salesforce (S2S) integration?
✅ Answer
Native Salesforce feature connecting two Salesforce orgs — publish/subscribe to share records between partner orgs without middleware. Alternative: cross-org REST API callout with OAuth. S2S for simple partner sharing; REST API for complex programmatic cross-org integrations.
🎤 One-Line Answer for Interview
"S2S: native record sharing between Salesforce orgs via pub/sub — no middleware. REST API for complex programmatic cross-org integrations with full control over payload and auth."
Question 54 · 🔴 Advanced
How do you secure API integrations in Salesforce?
✅ Answer
Security checklist: Named Credentials (encrypted endpoint+auth), OAuth JWT Bearer (no password), HTTPS only (TLS 1.2+), dedicated Integration User (least privilege), IP allowlisting in Connected App, never log sensitive payloads, Custom Metadata for config values, Shield Platform Encryption for PII.
🎤 One-Line Answer for Interview
"Named Credentials + JWT OAuth + HTTPS + least-privilege Integration User + IP allowlisting. Never hardcode or log sensitive data. Security checklist on every integration before go-live."
Question 55 · 🔴 Advanced
How do you enable Change Data Capture in Salesforce?
✅ Answer
Setup → Integrations → Change Data Capture → select objects. Standard and custom objects supported. Zero publisher code needed — Salesforce auto-publishes ChangeEvent for every DML. Subscribe in Apex: trigger on Object__ChangeEvent. External: CometD /data/ObjectChangeEvent channel.
🎤 One-Line Answer for Interview
"Enable CDC in Setup → Change Data Capture → select objects. Zero code on publisher. Subscribe via Apex trigger on Object__ChangeEvent or CometD externally."
Question 56 · 🔴 Advanced
How do you test Salesforce integrations properly?
✅ Answer
Three levels: Unit (HttpCalloutMock — no real API calls), Integration in sandbox (real calls to external dev env), E2E in staging (full flow). Always test: success, server error (500), auth failure (401), timeout, malformed JSON. Dedicated test Connected App + Integration User per environment.
🎤 One-Line Answer for Interview
"Unit: HttpCalloutMock. Integration: real sandbox API calls. E2E: staging. Always test success AND failure (500, 401, timeout, bad JSON). Dedicated test credentials per environment."
Question 57 · 🔴 Advanced
How do you monitor Salesforce integrations in production?
✅ Answer
Monitoring: Integration_Error__c custom object + CRMA/Reports dashboard (failure count, patterns, records). Email alerts on new errors. API usage via /limits endpoint (alert at 80%). Platform Event delivery via EventBusSubscriber. Anypoint Monitoring for MuleSoft flows.
🎤 One-Line Answer for Interview
"Integration_Error__c + dashboard + email alerts + API usage monitoring. Know about failures before users report them. Alert at 80% API limit — not 100%."
Question 58 · 🔴 Advanced
What is the Analytics REST API in Salesforce?
✅ Answer
Analytics REST API manages CRM Analytics (CRMA) programmatically — trigger Dataflow/Recipe runs, manage datasets (create, version rollback), query via SAQL, manage dashboards. Used in CI/CD for post-deployment dataset refreshes and external apps embedding CRMA data.
🎤 One-Line Answer for Interview
"Analytics REST API: trigger Dataflow runs, manage datasets, query via SAQL. Used in CI/CD for post-deployment refreshes and external apps consuming CRMA data programmatically."
Question 59 · 🔴 Advanced
How do you handle large JSON responses in Apex callouts?
✅ Answer
Typed deserialization (JSON.deserialize(body, MyClass.class)) — more memory efficient than untyped. Paginate external API (request in pages under 10 MB). Process in Batch Apex for very large data. Always try/catch JSONException — external APIs return unexpected formats.
// Typed deserialization (preferred)
public class ERPResponse { public String orderId; public List<LineItem> lineItems;
public class LineItem { public String code; public Integer qty; } }
try {
ERPResponse r = (ERPResponse) JSON.deserialize(res.getBody(), ERPResponse.class);
} catch(JSONException e) { logError('Malformed JSON: ' + e.getMessage()); }
🎤 One-Line Answer for Interview
"Typed deserialization preferred — memory efficient, compile-time validation. Paginate responses under 10 MB. Always try/catch JSONException — external APIs return unexpected formats."
Question 60 · 🔴 Advanced
What are the 4 key integration patterns in Salesforce?
✅ Answer
Four patterns: Request-Reply (sync REST, user waits), Fire-and-Forget (async, no response), Batch Sync (scheduled bulk), Event-Driven (Platform Events/CDC, reactive). Wrong pattern = wrong user experience and wrong performance.
| Pattern | Use When | Example |
|---|---|---|
| Request-Reply | User needs immediate result | Credit check on lead |
| Fire-and-Forget | No response needed | Order push to ERP |
| Batch Sync | Large volume, lag OK | Nightly catalog sync |
| Event-Driven | Real-time reactive | Stock alert from WMS |
🎤 One-Line Answer for Interview
"Request-Reply (sync, waits), Fire-and-Forget (async, no response), Batch Sync (bulk scheduled), Event-Driven (reactive). Choose based on latency, volume, and reliability requirements."
Question 61 · 🔴 Advanced
How do you validate data quality after a Salesforce migration?
✅ Answer
Validation: record count comparison (source vs SF), random 100-record spot checks, relationship integrity (no orphans), duplicate scan, required field completeness %, business report comparison (key metrics match source), UAT with actual users who know the data best.
🎤 One-Line Answer for Interview
"Record counts, spot checks, relationship integrity, duplicate scan, completeness %, business report comparison, UAT with real users. Users catch what technical checks miss."
Question 62 · 🔴 Advanced
What is the difference between MuleSoft CloudHub and Runtime Fabric?
✅ Answer
CloudHub: MuleSoft fully managed cloud — deploy once, MuleSoft handles servers, scaling, patching. Runtime Fabric: customer-managed on-prem or private cloud Kubernetes. CloudHub for cloud-first. Runtime Fabric for data sovereignty, compliance, on-premise connectivity.
🎤 One-Line Answer for Interview
"CloudHub: MuleSoft-managed, easiest setup. Runtime Fabric: customer-managed on-prem for data sovereignty and compliance. CloudHub for cloud-first; Runtime Fabric for regulated environments."
Question 63 · 🔴 Advanced
How do you prevent duplicate records in Salesforce integrations?
✅ Answer
Strategies: External ID upsert (primary — idempotent by design), Duplicate Rules (declarative backup), unique constraint on External ID field (auto-enforced). External ID upsert is the most reliable — no separate check needed, same key = update not insert.
🎤 One-Line Answer for Interview
"External ID upsert prevents duplicates by design — same key = update, not insert. Duplicate Rules as declarative backup. External ID is the first line of defense in every integration."
Question 64 · 🔴 Advanced
What is Anypoint Exchange in MuleSoft?
✅ Answer
Anypoint Exchange is MuleSoft's asset marketplace — reusable connectors, API specs, templates, examples. Salesforce Connector handles auth, CRUD, SOQL, Bulk, Platform Events out-of-the-box. Teams share internal templates via private Exchange. Reduces build time from weeks to days.
🎤 One-Line Answer for Interview
"Anypoint Exchange: marketplace for connectors, API specs, templates. Salesforce Connector handles all APIs out-of-the-box. Share internal templates via private Exchange — reuse not rebuild."
Question 65 · 🔴 Advanced — SCENARIO
SCENARIO: How do you design conflict resolution in bidirectional Salesforce-ERP sync?
✅ Answer
Define system of record per domain: Salesforce owns customer/marketing data, ERP owns financial/order data. Timestamp last-write-wins for shared fields. Source tracking field (Last_Updated_By_System__c). Field-level rules: ERP wins for payment terms, SF wins for marketing preferences. Document BEFORE building.
🎤 One-Line Answer for Interview
"System of record per domain, timestamp for shared fields, source tracking field. Document conflict rules before build — retroactive conflict resolution costs 10x more than upfront design."
Question 66 · 🔴 Advanced
What is the difference between @future and Queueable Apex?
✅ Answer
@future: primitive params only (no SObjects), no chaining, no Job ID, max 50/transaction. Queueable: complex types including SObjects, chainable, Job ID for monitoring. Queueable is the modern replacement — use for all new async integration patterns.
🎤 One-Line Answer for Interview
"Queueable > @future: SObjects, chainable, Job ID for monitoring. @future: primitives only, no chaining. Use Queueable for all modern async callout patterns."
Question 67 · 🔴 Advanced
How do you implement error logging for integrations in Salesforce?
✅ Answer
Create Integration_Error__c object with: Source__c, HTTP_Status__c, Error_Message__c, Record_Id__c, Retry_Count__c, Status__c. Always use Database.insert(log, false) — never let logging itself throw. Build CRMA dashboard for monitoring.
public class IntegrationLogger {
public static void log(String source, Integer status, String message, Id recordId) {
Integration_Error__c log = new Integration_Error__c(
Source__c=source, HTTP_Status__c=status,
Error_Message__c=message, Record_Id__c=recordId, Status__c='Pending Retry');
Database.insert(log, false); // Never let logging throw an exception!
}
}
🎤 One-Line Answer for Interview
"Integration_Error__c + Database.insert(log, false) — never let logging throw. Build CRMA monitoring dashboard. Know about failures before users report them."
Question 68 · 🔴 Advanced
What is the difference between MuleSoft and Salesforce Flow for integrations?
✅ Answer
Flow: internal Salesforce automation only, no direct external callouts (except via Apex), process automation. MuleSoft: any external system, complex transforms, enterprise scale, API management. Best combo: Flow triggers → Apex action → MuleSoft API call.
🎤 One-Line Answer for Interview
"Flow: internal automation. MuleSoft: external connectivity + complex transforms. Best combination: Flow trigger → Apex action → MuleSoft API for full enterprise power."
Question 69 · 🔴 Advanced — SCENARIO
SCENARIO: Client wants to move from polling-based to event-driven integration. How?
✅ Answer
Migration: Enable CDC on key objects → MuleSoft CometD subscriber replaces scheduled poll → run BOTH in parallel 2 weeks → validate identical data → disable polling → measure API reduction. Parallel run is critical — never cut over cold.
🌍 Real World Example (XYZ Company)
Polling every 5 min × 10 objects = 2,880 API calls/day. After CDC migration: 0 API calls for detection. 99% reduction. Both ran parallel 2 weeks — identical data confirmed. Polling disabled. Never hit API limits again.
🎤 One-Line Answer for Interview
"Enable CDC → MuleSoft CometD subscriber → parallel run both 2 weeks → validate identical data → disable polling. 99% API reduction. Parallel run validates before cutover."
Question 70 · 🔴 Advanced
What is the Salesforce REST API endpoint structure?
✅ Answer
Base: https://[instance].salesforce.com/services/data/v62.0/. Key endpoints: /sobjects/{Object}/{id} (CRUD), /query?q={SOQL}, /composite (batch), /search?q={SOSL}, /limits (API usage). Always pin version explicitly.
GET /services/data/v62.0/sobjects/Account/{id} // Read record
POST /services/data/v62.0/sobjects/Account // Create record
PATCH /services/data/v62.0/sobjects/Account/{id} // Update record
DELETE /services/data/v62.0/sobjects/Account/{id} // Delete record
GET /services/data/v62.0/query?q=SELECT+Id+FROM+Account+LIMIT+10
GET /services/data/v62.0/limits // Check API usage
🎤 One-Line Answer for Interview
"/services/data/v62.0/ — /sobjects for CRUD, /query for SOQL, /composite for batching, /limits for monitoring. Always pin API version."
Question 71 · 🔴 Advanced
What is graceful degradation in Salesforce integrations?
✅ Answer
Graceful degradation: system continues to function (with reduced capability) when external dependency is unavailable. Show cached/last-known data when ERP down, allow order creation with "pending sync" status, hide ERP-dependent features with "Temporarily unavailable" message.
🎤 One-Line Answer for Interview
"Graceful degradation: system functions (reduced) when external is down. Show cached data, queue operations with 'pending' status, hide unavailable features gracefully — users understand, they don't accept crashes."
Question 72 · 🔴 Advanced
What are integration governance best practices?
✅ Answer
Governance: document all integrations in a registry (source, target, pattern, owner, frequency), version all API contracts, require code review for integration changes, dedicated Integration User per integration, monitoring dashboard mandatory, DR plan, quarterly health review.
🎤 One-Line Answer for Interview
"Integration registry, version contracts, code review, dedicated users, monitoring dashboard, DR plan, quarterly health review. Undocumented integrations become 'nobody knows why this works.'"
Question 73 · 🔴 Advanced — SCENARIO
SCENARIO: Handle Salesforce governor limits in a high-volume integration.
✅ Answer
Strategy: sObject Collections (200 records/call), Bulk API 2.0 for massive volumes, replace polling with CDC/Events (eliminates polling calls), distribute via async (spread across transactions), circuit breaker at 80% limit. Design for volume from day 1.
🎤 One-Line Answer for Interview
"sObject Collections (200/call), Bulk API for massive, CDC replaces polling, async distributes load, circuit breaker at 80%. Design for volume from day 1 — retrofitting is expensive."
Question 74 · 🔴 Advanced
What is the difference between insert and upsert in Salesforce API?
✅ Answer
Insert: always creates new — duplicates on retry. Upsert: insert-or-update by External ID — matching record → update; no match → insert. Always use upsert for integration loads — idempotent, safe to retry, zero duplicate risk.
🎤 One-Line Answer for Interview
"Insert = always new (duplicates on retry). Upsert = create-or-update by External ID (safe to retry). Always use Upsert for integrations — run twice = same result, not twice the records."
Question 75 · 🔴 Advanced — SCENARIO
SCENARIO: Design Salesforce integration for a company with GDPR requirements.
✅ Answer
GDPR integration design: anonymize PII before sending to external systems (never send raw personal data without consent), EU data stays in EU data centers, right-to-erasure workflow spans all integrated systems, consent field synchronization, audit trail of all data transfers, DPA with all third-party systems.
🎤 One-Line Answer for Interview
"Anonymize PII before external transmission, EU data stays in EU, right-to-erasure spans all systems, consent sync, transfer audit trail. DPA with every third-party system mandatory."
Question 76 · 🔴 Advanced
What is the Batch Apex pattern for integration callouts?
✅ Answer
Batch Apex with Database.AllowsCallouts processes large record sets — each execute() chunk gets 100 fresh callout limit. QueryLocator handles 50M records. Best for: syncing all Accounts to ERP overnight, processing all open orders for status update.
global class ERPSyncBatch implements Database.Batchable<SObject>, Database.AllowsCallouts {
global Database.QueryLocator start(Database.BatchableContext bc) {
return Database.getQueryLocator('SELECT Id, Name FROM Account WHERE ERP_Sync_Needed__c=true');
}
global void execute(Database.BatchableContext bc, List<Account> scope) {
for(Account a : scope) { ERPService.syncAccount(a); } // 100 callouts fresh per chunk!
}
global void finish(Database.BatchableContext bc) { /* Send completion report */ }
}
🎤 One-Line Answer for Interview
"Batch Apex + Database.AllowsCallouts: 100 fresh callouts per execute() chunk. QueryLocator for 50M records. Best for nightly bulk sync of large object populations."
Question 77 · 🔴 Advanced
How do you handle data migration rollback in Salesforce?
✅ Answer
Rollback: Data Loader delete using success CSV from insert (contains all Ids), hard delete for complete removal, rollback decision deadline before parallel run ends. Prevention: thorough sandbox trial, clear go/no-go criteria. Prevention is always better than rollback.
🎤 One-Line Answer for Interview
"Rollback: Data Loader delete using success CSV (has all Ids). Hard delete for complete removal. Set go/no-go deadline + parallel run window. Prevention via sandbox trial beats rollback every time."
Question 78 · 🔴 Advanced
What is Anypoint Monitoring in MuleSoft?
✅ Answer
Anypoint Monitoring provides real-time dashboards for MuleSoft integration health — throughput, latency, error rates, processing time. Distributed tracing tracks one transaction across multiple APIs. Alerts on failure thresholds. Critical for SLA compliance and fast root cause analysis.
🎤 One-Line Answer for Interview
"Anypoint Monitoring: real-time dashboards, distributed tracing, threshold alerts. Know about integration failures before users report them. SLA visibility across all MuleSoft flows."
Question 79 · 🔴 Advanced — SCENARIO
SCENARIO: Migrate from Classic to Lightning while upgrading integrations.
✅ Answer
Parallel workstreams: 1) Lightning (VF pages → LWC). 2) Integration upgrades (add Named Credentials, @future → Queueable, Outbound Messages → Platform Events). Separate sprints, combine in UAT. Integration regression testing critical — Lightning changes can affect trigger/Flow behavior unexpectedly.
🎤 One-Line Answer for Interview
"Parallel: Lightning (VF→LWC) + Integration upgrade (Named Credentials, Queueable, Platform Events). Merge in UAT. Integration regression testing mandatory — Lightning migration affects backend behavior."
Question 80 · 🔴 Advanced
What is your integration go-live checklist?
✅ Answer
Go-live checklist: Named Credentials (zero credentials in code), Integration User (minimum permissions), Integration_Error__c + monitoring dashboard, retry logic (max 3 with backoff), External IDs on all objects (idempotency), API limits under 50%, rollback plan documented, stakeholder UAT sign-off.
🔑 Go-Live Integration Checklist
- ✅Named Credentials — zero credentials in code
- ✅Integration User — minimum permissions only
- ✅Error logging — Integration_Error__c + dashboard + alerts
- ✅Retry logic — max 3 attempts with exponential backoff
- ✅External IDs on ALL integration objects
- ✅API limits under 50% on go-live day
- ✅Rollback plan documented and tested
- ✅Monitoring dashboard live before go-live
🎤 One-Line Answer for Interview
"Named Credentials + Integration User + Error Logging + Retry Logic + External IDs + API headroom + Rollback plan + Monitoring dashboard. Miss any one of these and go-live becomes a war room."
☕
☕ Enjoyed this article?
SF Interview Pro is 100% free and maintained by a Salesforce professional. No ads, no paywalls, and no signup required. If this guide helped you prepare for an interview, earn a certification, or grow your Salesforce career, consider buying me a coffee! ☕💜
🇮🇳 UPI (India)
Pay by QR
GPay · PhonePe · Paytm · BHIM
New interview questions every week 🚀
Follow for fresh Salesforce Q&A, free courses, and real interview experiences — straight from the trenches.
👥 Follow on LinkedIn