Security and Heroku/Salesforce Integrations
Last updated April 20, 2022
When using Heroku and Salesforce together, particularly when calling the Salesforce REST API, using Salesforce Platform Events, or making Apex HTTP callouts, you may be able to improve your security posture with an exclusive trust relationship that prevents undesired traffic from the public internet.
In particular, if your Heroku application runs in a Private Space, you can:
- Ensure that the app is not available on the public internet, and only available from your Salesforce org (Salesforce → Heroku)
- Ensure that your Salesforce org has appropriate IP restrictions to prevent public access, and prevent public OAuth endpoint access (Heroku → Salesforce)
See Establishing a Trusted Connection Between Private Spaces and Salesforce for more details.