Posts

Invoke a MuleSoft RPA Process from Flow using External Services

MuleSoft Robotic Process Automation (RPA) gives you the power to automate business processes that usually require human input and interact with systems that don’t have an API, extending the reach of Salesforce’s process automation capabilities by integrating these RPA processes into flows in Salesforce as of Winter ’23!

Use MuleSoft RPA Manager to publish REST APIs for your RPA processes to Anypoint Exchange, which you can then register as External Services in Salesforce and invoke from low-code tools like Flow Builder.

This post describes the configuration steps necessary to invoke a MuleSoft RPA Process in Flow Builder. It assumes familiarity with MuleSoft RPA, Named Credentials and External Credentials, Permission Sets, External Services, and Flow Builder.

Step 0: MuleSoft RPA Pre-requisites

  • Configure the connection between MuleSoft Anypoint platform and your org to import MuleSoft RPA APIs.
    • In MuleSoft RPA Manager, publish the RPA process as a REST API to Anypoint Exchange.
    • In MuleSoft RPA Manager, copy the API key from the User Management | User API Keys page.

MuleSoft RPA Manager: User Management page

Steps 1-3: Connect Salesforce to MuleSoft Anypoint Platform

These steps create the initial connection between MuleSoft Anypoint platform and your org:

  • Step 1: Create a Connected App in MuleSoft Anypoint PlatformA connected app in MuleSoft Anypoint platform allows Salesforce to call MuleSoft APIs.
  • Step 2: Create an Authentication ProviderUse the ID and the secret from your MuleSoft Anypoint Platform connected app to create an authentication provider.
  • Step 2b: Update Your MuleSoft Anypoint Platform Connected App – Use the Salesforce authentication provider callback URL to update your MuleSoft Anypoint Platform connected app.
  • Step 3: Create a Legacy Named Credential (Retrieve APIs) – Create a legacy named credential to access/authenticate into your MuleSoft Anypoint Platform connected app from Salesforce and retrieve the APIs published to MuleSoft Anypoint Exchange. The legacy named credential stores the URL for MuleSoft Anypoint Platform. External Services uses the legacy named credential when listing the MuleSoft APIs available for import.

Note: the ability to create a ‘Legacy’ named credential is still supported, although it will be discontinued in a future release, at which point, this portion of the instructions will be updated to reflect the new capability.

Salesforce: Named Credentials Home Page

Step 4: Create a Named Credential (Runtime) and External Credential

Note: MuleSoft RPA authenticates clients invoking RPA processes through API keys. The Salesforce Winter ’23 release includes new functionality in Named Credentials and External Credentials that supports this type of authentication.

  • Create an external credential, permission set mapping and custom header
    • Overview
      • Create a second named credential that stores the endpoint for MuleSoft RPA Manager. External Services uses the second named credential when invoking “runtime” the MuleSoft RPA process in a flow.
    • External credential:
      • Before creating a second named credential, first create an external credential.
        • Create an external credential to capture the API key and other authentication details.
        • Then create a named credential to store the actual endpoint.
        • This allows for multiple endpoints to be addressed with the same authentication configuration.
      • After entering the details for the external credential, click Save. You’re taken to the Named Credentials screen. Now you need to create a permission set mapping for this new external credential. This mapping ensures that only the correct users get access to these credentials.
    • Permission set mappings:
      • Click External Credential and select the external credential you created.
      • Scroll to Permission Sets Mappings so you can link the external credential to a user’s permission set.
      • Click New to create a permission set mapping for this external credential using the details below for an external credential that uses ‘Custom’ as the authentication protocol.
    • Custom headers:
      • Lastly, create a custom header for this external credential using the the details below as guidance for how to create a custom header.

Example
Salesforce: External Credentials Detail Page

  • Create a named credential
    • Now that you have an external credential, create a named credential and then link it to the external credential you just created in the previous step. As mentioned before, this second named credential stores the endpoint for MuleSoft RPA Manager. External Services uses the second named credential when invoking “runtime” the MuleSoft RPA process in a flow. Use the details below for how to create a named credential.

Example

Salesforce: New Named Credential Window

  • Verify that the external credential and the named credential you just created are linked
    • From the Named Credentials page, click External Credentials.
    • Click the name of the external credential from this list and confirm that the named credential you just created appears in the Related Named Credentials area shown in the example below.
    • As a reminder:
      • The Named Credential stores the MuleSoft RPA Endpoint
      • The External Credential stores the MuleSoft RPA API Key + Authentication details

Example
Salesforce: External Credentials Detail Page

Step 5: Register the MuleSoft RPA API as an External Service

As you are configuring the external service, recall that you created two named credentials.

  • Legacy named credential (Retrieve APIs) – this named credential stores the MuleSoft Anypoint platform URL and is used to retrieve the APIs published to MuleSoft Anypoint Exchange. Use this named credential in the “Select a MuleSoft Anypoint Platform Account” screen.

Example

  • Named credential (Runtime) – this named credential stores the MuleSoft RPA Manager URL and is used when invoking “runtime” the MuleSoft RPA process in a flow. Use this named credential in the “Configure your MuleSoft Anypoint Platform Service” screen.

Example

Example

Step 6: Invoke a MuleSoft RPA Process in a Flow

  • Now you are ready to start and check the status of the MuleSoft RPA process from a flow.
  • If you follow the steps outlined in the help docs Invoke a MuleSoft RPA Process in a Flow, listed below are a few additional tips to help guide you through the flow configuration.

Create Resource for RPA Process Input Variables

Tip: In step 2, when creating a New Resource to store the input variables for the RPA process, you can obtain the External Service Name and Apex Class Name from the External Services Detail Page to help configure the New Resource

Salesforce: External Services Detail Page

Assign Values to RPA Process Input Variables

Tip: In step 3, you can obtain the information about each variable/input parameter that needs to be defined in the above Apex class from the External Services Detail Page as well as the OpenAPI specification (a few examples shown below).

RPA Process OpenAPI Specification

OperationId: startProcess > ProcessExecutionWithExecutionId

ProcessExecutionWithExecutionId > ProcessExecution

ProcessExecution > inputArguments

Authorizing Salesforce access to Slack

Oftentimes the biggest obstacle to integrating Salesforce with an External Service is the first step: configuring secure designated access to that service. Below are step-by-step instructions on using OAuth 2.0 to grant Salesforce the ability to post a message in Slack:

[Slack] App & App Credentials

Tell Slack about the Salesforce app that will need access your Slack workspace, and that it needs permissions to write messages.

1.Log into Slack as the administrator of the workspace you want to integrate with Salesforce.

2. In the Apps page, click on “App Directory” in the upper right hand corner.

3. In the App Directory, click on “Build” in the upper right hand corner, which should take you to api.slack.com.

4. Click on “Start Building”.

5. In the “Create a Slack App” modal:

a. App Name: enter an app name

b. Development Slack Workspace: select the workspace you want to Salesforce to access

c. Click “Create App”

6. Modal will close, and you will see the Settings -> Basic Information page for your newly configured app. In the “Building Apps for Slack” section, under “Add features and functionality”, click “Permissions”.

7. In the Features -> OAuth & Permissions page, scroll down to the “Scopes” section. For Bot Token Scopes, click “Add an OAuth Scope”, and choose “chat:write”.

8. Scroll up to the “OAuth Tokens & Redirect URLs” section, and click “Install App to Workspace”.

9. Click “Allow” to confirm you want this app to access your Slack workspace.

[Slack] Client ID and Secret

Retrieve the shared secret that Salesforce needs to use to access Slack:

10. In the Settings -> Basic Information page for your app in Slack, scroll down to the “App Credentials” section, and copy the values for the “Client ID” and “Client Secret” fields.

[Salesforce] Auth. Provider

Configure Salesforce to request access to Slack using the shared secret:

11. Log into Salesforce as an administrator for your org.

12. In the Setup -> Auth. Providers page, click “New” to configure a new auth. provider.

13. Configure the new Auth. Provider as follows:

a. Provider Type: Open ID Connect

b. Name: (choose a name for the Auth Provider)

c. URL Suffix: (choose a suffix to be used in client configuration URLs)

d. Consumer Key: (paste in the Client ID from step #10 above)

e. Consumer Secret: (paste in the Client Secret from step #10 above)

f. Authorize Endpoint URL: https://slack.com/oauth/v2/authorize

g. Token Endpoint URL: https://slack.com/api/oauth.v2.access

h. Default Scopes: chat:write

i. (Leave all other fields with their default values)

j. Click Save

[Salesforce] Callback URL -> [Slack] Redirect URL

Whitelist the Salesforce Salesforce Callback URL in Slack:

14. From Salesforce’s Setup -> Auth. Provider page, click to view the details of your newly configured Auth. Provider.

15. Scroll down to the “Salesforce Configuration” section, and copy the value from the “Callback URL” field.

16. In Slack, go back to the “Features -> OAuth & Permissions” page for the app from step #7 above.

17. In the “Redirect URLs” section, click “Add New Redirect URL”.

18. Paste in the Callback URL from step #15 above.

19. Click “Save URLs”.

[Salesforce] Named Credentials

Configure the Slack callout endpoint and authentication parameters.

20. Go back to Salesforce.

21. From the Setup -> Named Credentials page, click “New Named Credential”.

22. Configure the new Named Credential as follows:

a. Label: (choose a label for the Named Credential)

b. Name: (choose a name for the Named Credential)

c. URL: https://slack.com

d. Identity Type: Named Principal

e. Authentication Protocol: OAuth 2.0

f. Authentication Provider: (choose Auth. Provider you configured in step #13 above.

g. Scope: chat:write

h. Start Authentication Flow on Save: checked / selected

i. (Leave all other fields with their default values)

j. Click Save. The Authentication Flow will start.

k. Click “Allow”.

Extend the Power of Flow with External Services

Lightning Flow already empowers you to declaratively automate your business processes within Salesforce. But what if your business processes require integrations between Salesforce and other non-Salesforce services? Chances are that customer service agents who use Salesforce to track and resolve support cases would also need to access information from and/or submit changes to another backend system. Or perhaps you want a Flow to create a new record in Salesforce as well as post a message in Slack to notify the team. These are scenarios where you can leverage External Services to extend the ability of Flow to automate processes beyond Salesforce!

External Services provides a declarative way to access external business processes, whether they are proprietary APIs, public APIs, or other Salesforce APIs:

For any REST API that you want available as a callout from Lightning Flow, you just need to register the OpenAPI 2.0 specification for that API, so that it will be available as an action in Flow.

Configuring Flow to Integrate with an External Service

To support this integration, you just need to provide Salesforce with the following information:

  1. Named Credentials
    • Where to configure this: Setup -> Named Credentials
    • What these configurations tell Salesforce: Where is the external service being hosted (domain URL), and what credentials do we need to send for authentication?
  2. External Services:
    • Where to configure this: Setup -> External Services
    • What these configurations tell Salesforce: Where the OpenAPI 2.0 specification is located (relative to the domain URL of the Named Credential), and/or what the API specification is. The specification describes what API callouts Salesforce can make to the external service.
  3. Flow Action:
    • Where to configure this: Setup -> Flow
    • What these configurations tell Salesforce: Which action / callout you want to make to the external API, what input parameters you want to send, and what variable you want to use to store the response.

Example

This example shows how to the register the OpenAPI 2.0 specification for the Swagger PetStore API, as well as configure a callout to the PetStore API in Flow:

Named Credential:

External Service:

Flow – Add “findPetsByStatus” action:

Flow – Configure Input Parameters and Store Response:

Learn More

Here are some more resources for you to learn more about External Services:

External Services Trailhead

Katie Kodes’ Tutorial