Skip to content

Salesforce

Sales teams live in Salesforce. The connector puts the licensing picture where they already are: when an entitlement activates in MonetizeIt, its id and current status appear on a matching record in your Salesforce org, so an account owner sees whether a customer is live, paused or lapsed without leaving the CRM.

When an entitlement changes, MonetizeIt writes to a LicenseGrant__c custom object in your org:

MonetizeItSalesforce LicenseGrant__c
Entitlement idMonetizeItEntitlementId__c
Subscription status (active / paused / cancelled …)Status__c

The status is the entitlement’s current lifecycle state, re-evaluated against the clock on every write — a license past its end date shows as expired even if nothing else about it changed. The first write stamps MonetizeItEntitlementId__c onto the record and never rewrites it, so the entitlement and the Salesforce record stay tied together.

A few guardrails keep the write-back safe to leave running:

  • No surprise records. By default the connector only updates records that already carry the anchor; it never creates new Salesforce records unless you turn that on.
  • No writing to the wrong record. If a record is later reassigned so its anchor no longer matches, MonetizeIt refuses to overwrite it and flags it instead.
  • Idempotent. Every write targets a specific record, so retries never leave duplicates behind.

Updates are batched and sent through Salesforce’s Composite API, so a burst of activations turns into a small number of requests rather than one call each. Richer fields — activation timestamps, seats used, usage — are planned; the preview keeps the mapping deliberately small.

A Salesforce admin sets the org up once. Installing the connector’s package is the supported path — it creates the object and fields below and a minimum-permission profile for the integration user, so you don’t hand-build the schema.

MonetizeIt writes onto a LicenseGrant__c custom object. Salesforce owns the order details on it; MonetizeIt owns the write-back fields. In this preview MonetizeIt only writes the status fields — it reads the order fields when inbound sync ships.

Write-back fields (MonetizeIt-owned — leave these to the connector):

FieldTypeWrittenNotes
Status__cPicklistnowThe entitlement’s current lifecycle status. Default Pending.
MonetizeItEntitlementId__cText(64)nowThe link back to the entitlement; set once.
ActivatedAt__cDateTimelaterReserved for the usage release; empty in preview.
LastUsageAt__cDateTimelaterReserved for the usage release.
SeatsUsed__cNumber(8,0)laterReserved for the usage release.
UsageJson__cLong Text ArealaterReserved for the usage release.

Order fields (Salesforce-owned — your team maintains these):

FieldTypeRequiredNotes
NameAuto Number / TextYesDisplay name.
OrderMaster-Detail(Order)YesThe parent order.
StartDate__cDateYesValidated TODAY()-1 ≤ StartDate__c.
EndDate__cDateNoValidated EndDate__c ≥ StartDate__c. Empty means perpetual.
Quantity__cNumber(8,0)YesSeats; minimum 1.
ProductId__c / ProductCode__cText(64)One requiredProduct reference; ProductCode__c wins if both are set.
SubscriptionLookup(SBQQ__Subscription__c)NoSalesforce CPQ subscriptions only.

The order fields come into play when inbound sync ships; today the connector only writes the status fields above.

MonetizeIt authenticates server-to-server, so the org needs a connected app set up for it:

  • Create a connected app enabled for the OAuth client_credentials flow.
  • Assign an Execution User. Its profile and permission sets decide what the integration can do — assign the package’s minimum-permission profile, which grants Read / Edit on the write-back fields and nothing broader.
  • Keep OAuth scopes minimalapi and refresh_token are enough; avoid broad scopes such as full and web.
  • Note the authority for the environmenthttps://login.salesforce.com for a production org, https://test.salesforce.com for a sandbox (or your My Domain URL).

Administrator only. Give MonetizeIt the connected app’s credentials by reference — the client secret goes into your configured secret store, and MonetizeIt takes a reference to it, never the secret inline.

  1. Register the connector with MonetizeIt — its kind (Salesforce), the org’s login authority, the environment (production or sandbox), the connected app’s client id and a reference to the stored secret.
  2. Registration runs a live sign-in against your org before anything is saved and commits the connector only if that succeeds — so an unverified credential is never stored. On success it records your org’s id and binds this MonetizeIt account to that one org.
  3. MonetizeIt keeps a health status on the connection — pending → healthy → revoked, dropping to degraded if checks start failing — that you can see and re-verify at any time with a probe from the connector workbench. Rotate the secret (verified first, with no overlap window) or revoke the connector from the same place.

Nothing in your org calls MonetizeIt in this direction — the platform reaches out to Salesforce, so there is no inbound endpoint to expose.

  • No personal data leaves MonetizeIt. The outbound write carries only the entitlement’s status and id — no names, emails or usage.
  • Secrets stay in the secret store. The client secret lives only in your configured secret store, never in configuration, and a rotation takes effect only after the new secret verifies.
  • One account, one org. A connector binds exactly one MonetizeIt account to one Salesforce org; a request for another account’s connector returns not found.
  • Hardened traffic. Calls to Salesforce use TLS 1.2 or higher, reach only Salesforce domains, and never follow a redirect to another host.
  • Audited. Every registration, rotation, revoke and probe is recorded — who, when, what and the result — and retained for seven years.

So you can plan around it, these are the parts still in progress and not to build on yet:

  • Inbound sync — Salesforce accounts, contacts and orders creating or updating organizations, users and entitlements in MonetizeIt. This is where the order fields above, and Change Data Capture on the synced objects, come into play.
  • Durable delivery guarantees and usage projection onto the Salesforce record (the reserved fields above).

If you need account-and-order sync today, the Zapier and Stripe patterns — webhooks plus the REST API — are the supported way to drive entitlements from an external system.