Creating the xAPI Actions Connected App

xAPI Actions contains a high availability external telemetry service that validates and filters your xAPI statements before delivering them securely to your Salesforce Org in a way that can be digested by your Salesforce Flows.

To enable this flow of xAPI statements, you first need to connect the service to your Salesforce Org. If you have created connected apps before in Salesforce, this should be a familiar process.

App manager

From the Salesforce Setup screen, use Quick Find to locate “App Manager” and open the app:

On the App Manager page view click “New Connected App” in the top right of the screen:

Complete and configure the form with the following essential details:

Connected App Name: [Enter a name of your choosing]
Contact Email: [Your Salesforce account email address for pre-validation]

Configure the required additional settings exactly as described below:

Enable 0Auth Settings: Enable this setting
Callback URL: Enter http://localhost as a value. [Note that Client Credentials Flow does not require a callback URL, so we use localhost as a placeholder value for this mandatory field]
Use the "list builder" tool to Add Selected 0Auth Scopes. The 2 required scopes are:
- Manage user data via APIs (api)
- Perform requests at any time (refresh token, offline_access)

Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows: Disable
Require Secret for Web Server Flow: Disable
Require Secret for Refresh Token Flow: Disable
Enable Client Credentials Flows: Enable this setting
- You will need to confirm this setting: "Anyone with the consumer key and consumer secret can access your org on behalf of the selected user."
Enable Authorization Code and Credentials Flow: Disable
Enable Token Exchange Flow: Disable
Enable Refresh Token Rotation: Disable
Issue JSON Web Token (JWT)-based access tokens for named users: Disable
Introspect All Tokens: Disable
Configure ID Token: Disable
Enable Asset Tokens: Disable
Enable single logout: Disable

Save this configuration, you will need to confirm to continue.

Note that changes can take up to 10 minutes to take effect.

Upon completion you will be redirected to the page you just created.

Connected app

Now select Manage from the App Manager:

Select the Edit Policies button to configure the following options exactly as described below:

The Policy setup required settings are as follows:

Permitted Users: Select "Admin approved users are pre-authorized"
- You will need to confirm this setting: "Enabling this option will result in all users currently using this app being denied access. Please reference the Connected Apps OAuth Usage Report if you are unsure who is using the app."
- Note that you need to apply this setting in order to Manage Profile as described below.
IP Relaxation: Select "Relax IP Restrictions"
Under Client Credentials Flow, select the "Run as" field and enter your User ID.

Press Save, which will take you back to the Manage App screen. [Support note: It has been noted that occasionally the Salesforce screen will error on save, even after required fields have been populated. Simply clicking Save again usually resolves this.]

Manage app

Now select the Manage Profiles button to configure the following options. [Troubleshooting note: Note that you will only see this button/option if you have successfully completed the Permitted User setting as described above]:

Select the user profile(s) that have access to this app, for example “System Administrator”:

Save the setting.

Allow about 10 minutes for Salesforce to configure your setup.