Messaging Made EasyDelivery Reporting

Overview of Delivery Reporting

Messente can send delivery reports for sent messages back to Salesforce using webhooks, by providing a URL endpoint for Messente to call using REST. The Messente for Salesforce application includes the ability to handle these delivery reports but requires the creation of a publicly available Salesforce Site to allow for the ndpoint to be visible.

Security

Although the endpoint will be publicly available, security measures are put in place to ensure that no unauthorised access is provided to the Salesforce system. This is done through a number of steps:

  1. Minimal permissions provided to the Site Guest User
  2. Use of HMAC signatures to sign and verify requests
  3. URL specification in request

We will cover all of these items in this article.

Guest User Access

As per the details in our article "Guest User Permissions" it is recommended for this Site that the Guest User is provided access only to the listed items in the article and no other permissions. This will ensure that no un-required access is available for the Guest User and that the only available route is the endpoint needed for delivery reporting.

HMAC Signatures

For the inbound request to Salesforce from Messente, a HMAC signature is created using the SHA-256 algorithm with the request body and the unique password used for the API key in sending the original message. This signature is verified and checked before any further processing is undertaken on the system and follows the best practices for updating the message records in the solution as per the Salesforce documentation here.

URL Specification in Request

The delivery URL is only shared to Messente through the outbound request from Salesforce to send the message. This helps to ensure that Messente will only send requests to an endpoint it has been instructed to per message. If the delivery reporting feature in the Messente for Salesforce application is not conifigured then no attempt to report will be made.

With this overview of the security features in place to manage access for the delivery reporting endpoint, you can begin to configure the delivery reporting feature by first configuring a Salesforce Site endpoint.