Salesforce Deploy Integration

Overview

Deploy Salesforce-connected Node.js applications to Heroku (native SF integration), Vercel, or Cloud Run with JWT authentication and proper secrets management.

Prerequisites

• Salesforce Connected App with JWT Bearer flow
• RSA key pair for server-to-server auth
• Platform CLI installed (heroku, vercel, or gcloud)
• Application tested against sandbox

Instructions

Heroku Deployment (Recommended for Salesforce)

Heroku has native Salesforce integration via Heroku Connect (bi-directional data sync).

# Create Heroku app
heroku create my-sf-app

# Set Salesforce credentials as config vars
heroku config:set SF_LOGIN_URL=https://login.salesforce.com
heroku config:set SF_CLIENT_ID=3MVG9...
heroku config:set SF_USERNAME=integration@yourcompany.com
heroku config:set SF_JWT_KEY="$(cat server.key)"

# Deploy
git push heroku main

# Optional: Add Heroku Connect for bi-directional sync
heroku addons:create herokuconnect:demo
heroku connect:authorize
# Map sObjects: Account, Contact, Opportunity → Postgres tables

Vercel Deployment (Serverless)

# Add Salesforce secrets
vercel env add SF_LOGIN_URL production
vercel env add SF_CLIENT_ID production
vercel env add SF_USERNAME production
vercel env add SF_JWT_KEY production  # Paste private key content

# Deploy
vercel --prod

{
  "functions": {
    "api/**/*.ts": {
      "maxDuration": 30
    }
  }
}

// api/salesforce/accounts.ts — Vercel serverless function
import jsforce from 'jsforce';

export default async function handler(req, res) {
  const conn = new jsforce.Connection({
    loginUrl: process.env.SF_LOGIN_URL,
  });

  // JWT auth — no password needed
  await conn.authorize({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    client_id: process.env.SF_CLIENT_ID!,
    username: process.env.SF_USERNAME!,
    privateKey: process.env.SF_JWT_KEY!,
  });

  const accounts = await conn.query(
    'SELECT Id, Name, Industry FROM Account ORDER BY CreatedDate DESC LIMIT 10'
  );

  res.json({ accounts: accounts.records });
}

Google Cloud Run

FROM node:20-slim
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
CMD ["npm", "start"]

# Store JWT key in Secret Manager
echo -n "$(cat server.key)" | gcloud secrets create sf-jwt-key --data-file=-

# Build and deploy
gcloud builds submit --tag gcr.io/$PROJECT_ID/sf-service

gcloud run deploy sf-service \
  --image gcr.io/$PROJECT_ID/sf-service \
  --region us-central1 \
  --platform managed \
  --set-env-vars SF_LOGIN_URL=https://login.salesforce.com \
  --set-env-vars SF_CLIENT_ID=3MVG9... \
  --set-env-vars SF_USERNAME=integration@yourcompany.com \
  --set-secrets=SF_JWT_KEY=sf-jwt-key:latest

Health Check Pattern

// health.ts — include in every deployment
export async function healthCheck() {
  const conn = new jsforce.Connection({ loginUrl: process.env.SF_LOGIN_URL });

  try {
    await conn.authorize({ /* JWT params */ });
    const limits = await conn.request('/services/data/v59.0/limits/');
    const apiRemaining = limits.DailyApiRequests.Remaining;

    return {
      status: apiRemaining > 1000 ? 'healthy' : 'degraded',
      salesforce: {
        connected: true,
        instance: conn.instanceUrl,
        apiRemaining,
      },
    };
  } catch (error: any) {
    return {
      status: 'unhealthy',
      salesforce: { connected: false, error: error.message },
    };
  }
}

Output

• Application deployed to production platform
• JWT authentication configured (no passwords in config)
• Salesforce secrets stored in platform-native secrets manager
• Health check endpoint verifying Salesforce connectivity
• API limit monitoring active

Error Handling

INVALID_GRANT

login.salesforce.com

test.salesforce.com

Resources

• Heroku Connect
• Vercel Environment Variables
• Cloud Run Secrets
• JWT Bearer Flow

Next Steps

For event handling, see

salesforce-webhooks-events