OAuth Access Scope

RingDNA integrates with Salesforce as an OAuth Connected App. Users and admins can revoke access at any time through Salesforce.

In order for ringDNA to function and log call data back to Salesforce reliably even when a user is offline, our application is granted the following OAuth Scopes: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_tokens_scopes.htm&type=5

• Api - Allows access to the current, logged-in user’s account using APIs, such as REST API and Bulk API 2.0. This scope also includes chatter_api, which allows access to Connect REST API resources.
• Web - Allows use of the access_token on the web. This scope also includes visualforce, allowing access to customer-created Visualforce pages.
• Refresh_Token - Allows a refresh token to be returned when the requesting client is eligible to receive one. With a refresh token, the app can interact with the user’s data while the user is offline. This token is synonymous with requesting offline_access.

Example OAuth Request URL from ringDNA:

https://login.salesforce.com/services/oauth2/authorize?display=touch&client_id=[Redacted]&prompt=login&redirect_uri=[Redacted]k&response_type=code&scope=api web refresh_token&state=device:softphone;sandbox:false;uiEnv:softphone;oauthConsumerCredentialId:;

Salesforce Login History

You may see multiple login events, even if a user is offline or away on vacation. This is expected.

You can differentiate between user initiated or an automatic token refresh through RingDNA by checking the Login Type and Source IP.

Session refreshes will always originate from a Source IP associated with our application and Login Type will be Remote Access 2.0

To learn more about the Source IPs used by Revenue.io, see: IP Whitelist Security