
Headless Doesn’t Mean Ungoverned: How Trust Works When Agents Call Salesforce

By Not provided · www.salesforce.com · Advanced · Architect · 11 min read
Summary

The article explains how to securely govern external agents interacting with Salesforce via Headless 360. It stresses managing trust through OAuth 2.0 Authorization Code with PKCE, fine-tuned permission sets, field-level security, and audit trails rather than relying on API contracts. Salesforce teams can ensure agents access only what is necessary, maintain per-user audit trails, and handle token lifecycles properly. The approach shifts responsibility to deliberate design of permissions and governance for AI-powered or automated external agents.

Takeaways
  • Use OAuth 2.0 Authorization Code with PKCE for authenticating external agents.
  • Design permission sets and FLS specifically for the agent’s required access scope.
  • Enable Event Monitoring and field history tracking for detailed audit trails.
  • Include refresh_token scope to maintain agent session across interactions.
  • Revoke user tokens promptly to remove agent access when needed.

When a user logs into Salesforce and clicks a button, trust is familiar. You know who they are, you decide what they’re allowed to do, and there’s an audit trail with their name on it. When an external agent connects to your org, it feels different. Yet the same principles apply, even though the session is established and scoped differently. For a human user, we manage scope and security through login and user permissions, via profiles and permission sets. For an external agent, what it can access and do is governed through OAuth and the external client app configuration. Architects designing agentic systems often focus on the capabilities of the agent rather than on these controls.
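The token lifecycle the takeaways describe (PKCE-protected authorization, a `refresh_token` scope so the agent can keep its session, and prompt revocation) is easier to reason about with the messages written out. The following is an added illustration, not code from the article or from Salesforce: it generates and checks an RFC 7636 S256 code verifier/challenge pair, builds the authorize, token, refresh and revoke requests, and checks a requested scope list against the agent's allowed scopes. The login host, `client_id`, `redirect_uri` and the `api` scope are assumed sample values; replace the host with your org's My Domain login URL.

```python
"""PKCE and token-lifecycle helpers for an external agent calling Salesforce.

Added illustration, not code from the article or from Salesforce.
Assumptions (labelled): the login host is a placeholder, and client_id,
redirect_uri and scope values in the test are constructed samples.
"""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Standard Salesforce OAuth 2.0 endpoint paths; the host is a placeholder.
LOGIN_URL = "https://login.salesforce.com"  # placeholder: use your My Domain URL
AUTHORIZE_PATH = "/services/oauth2/authorize"
TOKEN_PATH = "/services/oauth2/token"
REVOKE_PATH = "/services/oauth2/revoke"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Random verifier: 64 unreserved characters, inside the 43-128 RFC range."""
    return secrets.token_urlsafe(48)


def code_challenge(verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(verifier: str, challenge: str) -> bool:
    """The check the authorization server performs at token exchange."""
    return hmac.compare_digest(code_challenge(verifier), challenge)


def build_authorize_url(client_id, redirect_uri, scopes, challenge, state, base=LOGIN_URL):
    """Authorization request; 'refresh_token' in scopes keeps the agent session alive."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "state": state,
    }
    return f"{base}{AUTHORIZE_PATH}?{urlencode(params)}"


def build_token_request(client_id, code, verifier, redirect_uri, base=LOGIN_URL):
    """Form body for exchanging the code; the verifier proves the same client started the flow."""
    return f"{base}{TOKEN_PATH}", {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "code_verifier": verifier,
        "redirect_uri": redirect_uri,
    }


def build_refresh_request(client_id, refresh_token, base=LOGIN_URL):
    """Form body for renewing the access token without a new user login."""
    return f"{base}{TOKEN_PATH}", {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
    }


def build_revoke_request(token, base=LOGIN_URL):
    """Revoking the refresh token ends the agent's access for that user."""
    return f"{base}{REVOKE_PATH}", {"token": token}


def scopes_in_policy(requested, allowed):
    """Return the scopes the agent asked for that its policy does not allow (empty is good)."""
    return sorted(set(requested) - set(allowed))


def scopes_from_url(url):
    """Read the space-separated scope list back out of an authorize URL."""
    return parse_qs(urlparse(url).query)["scope"][0].split()
```

The verifier is generated per authorization attempt and kept only by the agent; the challenge travels in the authorize URL, and the verifier is sent once at token exchange. `scopes_in_policy` is the kind of pre-flight check worth running in the agent's configuration review: if it returns anything, the agent is asking for more than the permission set design granted it.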

Agentforce