New connectorSalesforce

Salesforce integration

Connect Salesforce to MatchAudit in one click. Send one Contact, Account, or Lead, receive one structured compliance answer, and store the audit reference back on the record without building a heavyweight CRM integration program.

Open Salesforce connector Salesforce API reference Authentication

Who this is for

This connector is designed for SMEs, fintechs, logistics teams, and lean compliance teams that already work inside Salesforce and want sanctions screening to happen where the operational record already lives.

Screen a new Contact before onboarding.
Screen an Account before approval or payment release.
Store the MatchAudit audit reference back on the record immediately.

How the connector works

1. Send one record

Salesforce Flow, Apex, or middleware sends one Contact, Account, or Lead payload to MatchAudit.

2. Get one answer

MatchAudit returns clear, review, or block with top match detail, country-risk reasoning, and the audit reference.

3. Keep the evidence

Store the audit id plus PDF or JSON export link on the Salesforce record so the decision is reproducible later.

Setup steps

Generate a MatchAudit API key from the dashboard.
Review your source settings in MatchAudit before sending production traffic.
Map one Salesforce record to the supported request fields.
Call /api/v1/integrations/salesforce/screen from Flow, Apex, or middleware.
Store the returned auditReferenceId and evidence URLs on the record.

Authentication

Use the same MatchAudit API key model as the rest of the public API. Send the key in Authorization: Bearer <MATCHAUDIT_API_KEY> or x-api-key. Keep the key server-side or in trusted middleware only.

What Salesforce should send

The connector accepts practical field aliases so you can move quickly without building a large mapping layer. The smallest useful request is just a name or company name. Country is strongly recommended because it allows MatchAudit to run country-risk evaluation in the same call.

Field	Required	Purpose
recordType	Recommended	Use contact, account, lead, or a Salesforce object alias so MatchAudit understands the record context.
recordId	Recommended	Lets you map the answer back to the exact Salesforce record.
recordUrl	Optional	Useful if you want the result payload to carry a direct record link.
fullName or name	Required for people	Primary individual name for Contact or Lead screening.
companyName or accountName	Required for companies	Primary company or account name for Account screening.
country or billingCountry	Strongly recommended	Enables country-risk evaluation in the same workflow.
dateOfBirth or dob	Optional	Improves confidence for individual matches.
identifiers	Optional	Supports stronger corroboration using passport, national id, or customer id.
aliases, nationality, gender, placeOfBirth	Optional	Additional KYC context that improves match quality.

What MatchAudit returns

Field	Meaning
screening.screeningStatus	Final connector outcome: CLEAR, REVIEW, or BLOCK.
screening.outcomeLabel	Human-readable summary such as Proceed, Review required, or Do not proceed.
screening.riskLevel	Low, medium, or high operational risk for the returned outcome.
screening.matchSummary.topMatch	Best direct sanctions match with confidence, matched fields, and reason.
screening.matchSummary.countryRisk	Country or territorial sanctions reasoning when country context was provided.
screening.auditReferenceId	Audit trail id you can store on the Salesforce record.
screening.evidence.pdfUrl	Evidence export link for a PDF package if available.
screening.evidence.jsonUrl	Evidence export link for structured JSON evidence.
screening.timestamp	When the MatchAudit connector response was produced.

Example request

POST /api/v1/integrations/salesforce/screen
Authorization: Bearer <MATCHAUDIT_API_KEY>
Content-Type: application/json
Idempotency-Key: sf-contact-0038b00002AbCdE

{
  "recordType": "contact",
  "recordId": "0038b00002AbCdE",
  "recordUrl": "https://your-org.lightning.force.com/lightning/r/Contact/0038b00002AbCdE/view",
  "requestId": "sf-flow-2026-03-27-001",
  "fullName": "Aleksandr Sergei Petrov",
  "companyName": "PetroLogix Trading Ltd",
  "country": "Cyprus",
  "dateOfBirth": "1982-03-12",
  "nationality": ["Russia", "Cyprus"],
  "identifiers": [
    { "type": "passport", "value": "724587392" }
  ]
}

Example response

200 OK
{
  "ok": true,
  "integration": {
    "key": "salesforce",
    "label": "Salesforce",
    "recordType": "contact",
    "recordId": "0038b00002AbCdE",
    "recordUrl": "https://your-org.lightning.force.com/lightning/r/Contact/0038b00002AbCdE/view"
  },
  "subject": {
    "primaryName": "Aleksandr Sergei Petrov",
    "companyName": "PetroLogix Trading Ltd",
    "subjectType": "individual",
    "country": "Cyprus",
    "location": "Cyprus"
  },
  "screening": {
    "screeningStatus": "REVIEW",
    "outcomeLabel": "Review required",
    "riskLevel": "MEDIUM",
    "actionableHit": true,
    "directNameHit": true,
    "countryRiskHit": false,
    "summary": "Aleksandr Sergei Petrov returned possible sanctions concerns that need analyst review.",
    "recommendedNextSteps": [
      "Pause the workflow until the reviewer confirms the result.",
      "Use the confidence, matched fields, and country reasoning to clear or escalate the record.",
      "Store the audit reference alongside the Salesforce record for evidence."
    ],
    "matchSummary": {
      "directMatchCount": 1,
      "topMatch": {
        "source": "OFAC SDN",
        "sourceKey": "ofac",
        "matchedName": "Aleksandr Sergei Petrov",
        "score": 0.97,
        "confidence": "High",
        "matchType": "Exact full-name match",
        "matchedOn": "official record",
        "matchedFields": ["full name", "passport"],
        "reason": "Exact name match with corroborating identifier.",
        "programs": ["SDN"]
      },
      "additionalMatches": [],
      "countryRisk": null
    },
    "sourceSelection": {
      "mode": "settings",
      "appliedSources": ["un", "eu", "ofac", "uk", "seco"],
      "settingsStore": "user_settings"
    },
    "scannedSources": ["un", "eu", "ofac", "uk", "seco"],
    "unavailableSources": [],
    "auditReferenceId": "84321",
    "evidence": {
      "pdfUrl": "https://your-domain.com/api/v1/export?type=pdf&auditId=84321",
      "jsonUrl": "https://your-domain.com/api/v1/export?type=json&auditId=84321"
    },
    "timestamp": "2026-03-27T14:18:00.000Z"
  }
}

Common errors

Error	Why it happens	What to do
400 invalid_salesforce_payload	The request body is missing a primary name or company field, or the JSON shape is wrong.	Send a supported Contact, Account, or Lead payload and confirm the name mapping.
401 missing_api_key	No MatchAudit API key was sent.	Send Authorization: Bearer or x-api-key.
401 invalid_api_key	The API key is unknown, revoked, or expired.	Generate a new key in the dashboard and update the Salesforce callout.
429 limit_exceeded	The tenant reached its monthly screening allowance.	Review plan limits or contact MatchAudit for a higher-volume plan.
500 audit_insert_failed	The screening completed but the audit artifact could not be written safely.	Retry after the service issue is resolved; do not treat the response as final evidence until it succeeds.

Troubleshooting tips

If country risk is missing, confirm you are sending country, billingCountry, or mailingCountry.
If a company is being parsed as a person, set subjectType to entity explicitly.
If you retry from Salesforce Flow, reuse an idempotent request id to avoid accidental duplicate evidence records.
Review source settings in MatchAudit before rollout so the connector uses the correct sanctions lists for your workflow.

Internal architecture and future CRM reuse

The Salesforce route sits on top of a reusable CRM connector service so future integrations like HubSpot can reuse the same auth model, validation approach, audit logging, and response schema.

Read internal architecture docs Generate API key