# Creating the xAPI Actions Connected App xAPI Actions contains a high availability external telemetry service that validates and filters your xAPI statements before delivering them securely to your Salesforce Org in a way that can be digested by your Salesforce Flows. To enable this flow of xAPI statements, you first need to connect the service to your Salesforce Org. If you have created connected apps before in Salesforce, this should be a familiar process. ### App manager From the Salesforce **Setup** screen, use **Quick Find** to locate “**App Manager**” and open the app:

On the App Manager page view click “**New Connected App**” in the top right of the screen:

Complete and configure the form with the following essential details: * **Connected App Name:** \[Enter a name of your choosing] * **Contact Email:** \[Your Salesforce account email address for pre-validation]

Configure the required additional settings exactly as described below: * **Enable 0Auth Settings: ****Enable this setting** * **Callback URL:** Enter `http://localhost` as a value. \[Note that Client Credentials Flow does not require a callback URL, so we use localhost as a placeholder value for this mandatory field] * Use the "list builder" tool to **Add Selected 0Auth Scopes.** The **2 required scopes** are: * Manage user data via APIs (api) * Perform requests at any time (refresh token, offline\_access)

* **Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows:** Disable * **Require Secret for Web Server Flow:** Disable * **Require Secret for Refresh Token Flow:** Disable * **Enable Client Credentials Flows: ****Enable this setting** * You will need to confirm this setting: "Anyone with the consumer key and consumer secret can access your org on behalf of the selected user." * **Enable Authorization Code and Credentials Flow:** Disable * **Enable Token Exchange Flow:** Disable * **Enable Refresh Token Rotation:** Disable * **Issue JSON Web Token (JWT)-based access tokens for named users:** Disable * **Introspect All Tokens:** Disable * **Configure ID Token:** Disable * **Enable Asset Tokens:** Disable * **Enable single logout:** Disable

**Save** this configuration, you will need to confirm to continue. Note that changes can take up to **10 minutes** to take effect. Upon completion you will be redirected to the page you just created. ### Connected app Now select **Manage** from the App Manager:

Select the **Edit Policies** button to configure the following options exactly as described below:

The **Policy setup** required settings are as follows:

* **Permitted Users:** Select "Admin approved users are pre-authorized" * You will need to confirm this setting: "Enabling this option will result in all users currently using this app being denied access. Please reference the Connected Apps OAuth Usage Report if you are unsure who is using the app." * Note that you need to apply this setting in order to **Manage Profile** as described below. * **IP Relaxation:** Select "Relax IP Restrictions" * Under **Client Credentials Flow**, select the "**Run as"** field and enter your User ID. Press **Save**, which will take you back to the **Manage App** screen. \[**Support note:** It has been noted that occasionally the Salesforce screen will error on save, even after required fields have been populated. Simply clicking **Save** again usually resolves this.] ### Manage app Now select the **Manage Profiles** button to configure the following options. \[**Troubleshooting note:** Note that you will only see this button/option if you have successfully completed the **Permitted User** setting as described above]:

Select the user profile(s) that have access to this app, for example “System Administrator”:

**Save** the setting. Allow about **10 minutes** for Salesforce to configure your setup. ### Consumer details Now go back to your **App Manager / App Listing** and select to "**View"** your connected app using the right-side function button:

Select the **Manage Consumer Details** button:

You will need to **re-authenticate your Salesforce access** at this point:

Once authenticated, your **consumer key** and **secret** will be generated:

Don't close this browser tab as you will need to **copy** and **paste** these 2 values to continue with the [**xAPI Actions** setup](https://documentation.globebyte.com/reasoning-ai/actions-for-learning/setting-up-xapi-actions)