Salesforce Integration-Architect Salesforce Certified Platform Integration Architect (Plat-Arch-204) Exam Practice Test

 The OAuth protocol is a standard way to authorizeaccess to web resources. By configuring a connected app with an authorization endpoint of the API gateway, Salesforce can obtain an access token from the API gateway and use it to invoke the external API securely. This avoids the need to manage certificates oruser credentials for authentication2

The best solution for this scenario is to use a custom object to store the file location URL and redirect the community user to the on-premise file store when they click on the URL.This way, the community user can access the large design files without having to download them or use any external data source. Option A is not feasible because the Request and Reply integration pattern is not suitable for large files and would cause performance issues. Option B is not correct because Salesforce Connect cannot upload files to an external object, only data. Option D is not possible because Salesforce Files has a limit of 2 GB per file, and the design files are 2.5 GB in size. References:

Salesforce Connect Developer Guide

Salesforce Files Developer Guide

Answer D is valid because using middleware to handle the call out to the 10 different verification services is a scalable and reliable solution that can handle the complexity and variability of the integration. The middlewarecan orchestrate the calls to the different web services, consolidate the verification results, and handle any errors or retries. The middleware can then make a call-in to Salesforce and update the verificationstatus to “verified” using an API or a platform event12

Answer A is not valid because using Salesforce external service to make the call out to the 10 different verification services is not a feasible or efficient solution. Salesforce external service is a feature that allows invoking anexternal service from a flow and mapping its inputs and outputs to flow variables. However, this feature requires configuring an Apex action, a named credential, and an external service definition for each web service, which is not a low code solution. Moreover, this feature does not support checking the verification agencies untilthe result is verified, as it only invokes the external service once per flow interview3

Answer B is not valid because creating a trigger on the trainer record to make a callout to each verification agency is not a recommended or robust solution. Triggers are Apex code that execute before or after database events, such as insert, update, or delete. However, triggers cannot make callouts directly, as they are part of a database transaction and must complete quickly. To make a callout from a trigger, an asynchronous process such as a future method or a queueablejob must be used, which adds complexity and overhead to the integration. Moreover, triggershave limits on the number of callouts and asynchronous calls they can make per transaction, which may affect the scalability and reliability of the integration.

Answer C is not valid because making an Apex callout using @future annotation to make the call out to all different agencies is not a suitable or reliable solution. The @future annotation allows marking a method for execution at a later time when system resources become available. However, this annotation has several limitations and drawbacks, such as:

Future methods cannot return values, so they cannot update the trainer status to “verified” directly.

Future methods have limits on the number of callouts andfuture calls they can make per execution, which may affect the scalability and reliability of the integration.

Future methods run in their own thread and do not share any static variables or state with other methods, which makes it difficult to consolidatethe verification results from different agencies.

Future methods are not guaranteed to execute at a specific time or order, which may affect the timeliness and accuracy of the integration.

1: Orchestration Pattern 2: RemoteProcess Invocation—Request and Reply 3: External Services : Apex Developer Guide: Triggers : Apex Developer Guide: Using Future Methods

Answer A is valid because creating an Auth provider in the package and setting the consumer key and consumer secretof the connected app in the central org can allow the package to authenticate with the central org using OAuth 2.0. An Auth provider is a configuration that specifies how to connect to an external service that uses a specific identity protocol. A connectedapp is an application that can access Salesforce resources using APIs and standard protocols. The consumer key and consumer secret are credentials that identify the connected app to Salesforce.

Answer C is valid because creating a connected app in the central org and adding the callback URL of each org the package is installed in to redirect to after successful authentication can enable the package to obtain an access token from the central org using OAuth 2.0. The callback URL is a parameter that specifies where the user should be redirected after granting or denying permission to access Salesforce resources. The access token is a credential that can be used to invoke the custom Apex REST endpoint in the central org.

Answer E is valid because using the Auth Provider configured and selecting the identity type as Named Principal with OAuth 2.0 as the protocol and selecting Start Authentication Flow on Save can initiate the authentication flow when installing the package. The identity type determines how the package accesses Salesforce resources on behalf of users or an application. The Named Principal identity type means that the package uses a single credential, such as a username and password or an access token, to access Salesforce resources for all users.TheStart Authentication Flow on Save option means that the package will prompt the user to enter the credential when saving the Auth Provider configuration.

Answer B is not valid because contacting Salesforce support and creating a case to temporarily enable API access for managed packages is not a necessary or recommended action. API access for managed packages is enabled by default and does not require any special permission or configuration from Salesforce support. Moreover, this action does not addressthe security requirement of using a specific integration account in the central org that will be authorized after installation of the package.

Answer D is not valid because using an encrypted field to store the password that the security team enters and using password management for external orgs and setting the encryption method to TLS 1.2 is not a secure or reliable solution. An encrypted field is a custom field that encrypts sensitive data at rest and masks it on the user interface. However, this fielddoes not prevent unauthorized access or leakage of data, as it can be decrypted by users who have the View Encrypted Data permission or by Apex code that runs in system mode. Moreover, this field does not support encryption methods such as TLS 1.2, which are used for securing data in transit, not at rest.

Option A is correct because external gateway products in use can affect the performance and security of outbound integrations from Salesforce to on-premise servers. External gateway products are software or hardwaredevices that act as intermediaries between Salesforce and the on-premise servers, such as firewalls, proxies, load balancers, or VPNs. They can have different configurations, features, and limitations that can impact the speed, reliability, and security ofthe data transmission. For example, some external gateway products may require authentication, encryption, or compression of the data, which can add overhead and latency to the integration. Some external gateway products may also have bandwidth or throughput limits, which can affect the scalability and availability of the integration. Therefore, the architect should consider the external gateway products in use before recommending a solution.

Option B is incorrect because a default gateway restriction is not a factor that can affect the performance and security of outbound integrations from Salesforce to on-premise servers. A default gateway restriction is a feature that allows administrators to restrict outbound requests from Salesforce to a specific IP address or domain name. This can help prevent unauthorized or malicious requests from Salesforce to external systems. However, this feature does not affect the performance or security of the outbound requests themselves, as it only acts as a filter for the destination of the requests.

Option C is incorrect because considerations for using deterministic encryption are not relevant for outbound integrations from Salesforce to on-premise servers. Deterministic encryption is a type of encryption that produces thesame ciphertext for the same plaintext input. This can help preserve some functionality and performance of encrypted data in Salesforce, such as filtering, sorting, and indexing. However, deterministic encryption is not applicable for outbound integrations from Salesforce to on-premise servers, as it is only supported for custom fields and not for standard fields or attachments. Moreover, deterministic encryption does not affect the security of the data transmission itself, as it only encrypts the data atrest in Salesforce.

Option D is incorrect because Shield Platform Encryption limitations are not relevant for outbound integrations from Salesforce to on-premise servers. Shield Platform Encryption is a feature that allows administrators to encrypt sensitive data at rest in Salesforce using AES 256-bitencryption. This can help protect data from unauthorized access or theft. However, Shield Platform Encryption limitations are not relevant for outbound integrations from Salesforce to on-premise servers, as they only affect the functionality and performance of encrypted data in Salesforce, such as searching, reporting, or validation rules. Shield Platform Encryption does not affect the security of the data transmission itself, as it only encrypts the data at rest in Salesforce.

The HttpCalloutMock interface allows testing HTTP callouts by returning a predefined response in a test context. By implementing HttpCalloutMockto return responses per RAML specification, the Apex REST API Clients unit tests can confirm that the API requests and responses match the expected format and values. Calling the Apex REST API Clients in a test context to get the mock response is also necessary to verify the adherence to the RAML specs. Calling the HttpCalloutMock implementation from the Apex REST API Clients or requiring the Apex REST API Clients to implement the HttpCalloutMock are not valid options because the HttpCalloutMock interface is implemented by a separate class that is passed as a parameter to the Test.setMock method2

Option A is correct because Salesforce B2C Commerce to Service Cloud Connector is an integration solution that allows service agents to see order history from a B2C Commerce system. Salesforce B2C Commerce to Service CloudConnector is a pre-built package that integrates Salesforce B2C Commerce and Service Cloud using REST APIs and Platform Events. It enables service agents to view, edit, cancel, and refund orders from B2C Commerce within the Service Cloud console. It also supports features such as customer verification, order search, order details, and order history.

Option B is incorrect because a REST API offered by Commerce Platform is not an integration solution that allows service agents to see order history from a B2CCommerce system. A REST API offered by Commerce Platform is a set of web services that expose the functionality and data of the Commerce Platform to external applications. It can be used to create, update, delete, or query resources such as products, catalogs, customers, or orders. However, a REST API offered by Commerce Platform is not a complete integration solution, as it requires additional development, configuration, and maintenance to connect with Service Cloud and display the order history in the Service Cloud console.

Option C is incorrect because Mulesoft Anypoint Platform is not an integration solution that allows service agents to see order history from a B2C Commerce system. Mulesoft Anypoint Platform is a platform that enables developers to build, manage, and monitor integrations and APIs across various systems and applications. It can be used to connect Salesforce B2C Commerce and Service Cloud using various connectors, protocols, and transformations. However, Mulesoft Anypoint Platform is not apre-built integration solution, as it requires additional development, configuration, and maintenance to connect with Service Cloud and display the order history in the Service Cloud console.

Option D is incorrect because a REST API offered by SalesforcePlatform is not an integration solution that allows service agents to see order history from a B2C Commerce system. A REST API offered by Salesforce Platform is a set of web services that expose the functionality and data of the Salesforce Platform to external applications. It can be used to create, update, delete, or query resources such as objects, records, metadata, or Apex classes. However, a REST API offered by Salesforce Platform is not a complete integration solution, as it requires additional development, configuration, and maintenance to connect with B2C Commerce and display the order history in the Service Cloud console.

Change Data Capture (CDC) is the best option to meet the requirement. CDC is a type of streaming event that notifies subscribers of changes to Salesforce records, such as creation, update, delete, and undelete operations. By subscribing to CDC events for the course registration data, the LMS can receive real-time updates and sync with Salesforce. Streaming API is another type of streaming event that notifies subscribers of changes to Salesforce records that match a SOQL query. However, Streaming API has some limitations, such as not supporting all SOQL features and not capturing delete and undelete operations. Platform Event is a type of streaming event that delivers custom notifications within the Salesforce platform or from external sources. Platform Event is not suitable for this requirement because it is not tied to Salesforce records and requires custom logic to publish and subscribe. Outbound Message is a workflow action that sends SOAP messages with field values to designated endpoints. Outbound Message is not suitable for this requirement because it does not support complex data types, such as sObjects or collections.

The correct answer is A, C, and D. These are three relevant details that a Salesforce Integration Architect should seek to specifically solve for Integration architecture needs of the program. These detailscan help the Integration Architect to understand the scope, requirements, and constraints of the integration solution, and to choose the appropriate tools, methods, and patterns. The details are:

Source and Target system, Directionality, data volume & transformation complexity along with any middleware that can be leveraged. This detail can help theIntegration Architect to identify the systems involved in the integration, the direction of data flow, the amount and complexity of data to be exchanged, and the middleware or platform capabilities that can facilitate the integration.

Timing aspects - real-time/near real-time (synchronous or asynchronous), batch; update frequency. This detail can help the Integration Architect to determine the latency, reliability, and scalability requirements of the integration solution, and to choose the suitable integration protocols and techniques.

Integration Style - Process based, Data based, Virtual integration. This detail can help the Integration Architect to select the appropriate integration style that matches the business needs and objectives. Process based integration focuses on orchestrating business processes across systems, data based integration focuses on synchronizing data across systems, and virtual integration focuses on providing a unified view of data across systems.

The end-to-end response time from the user’s perspective is the time elapsed between the user’s request and the user’s receipt of the final response. In the diagram, this corresponds to the sum of A and H, which are the durations of the synchronous calls from the user interface to the cloud-based application and back. The other durations (B to G) are either internal tothe cloud-based application or asynchronous calls that do not affect the user’s perception of response time. Therefore, the correct answer is D, because it represents the sum of A and H.

 These are three considerations that an Integration Architect should consider when recommending Platform Event as an Integration solution. Platform Events are a type of event-driven architecture thatallows you to publish and subscribe to custom events in Salesforce and external systems. Platform Events have some limitations and features that an Integration Architect should be aware of, such as:

Inability to query event messages using SOQL. Platform Events are not stored in Salesforce database, but in an event bus that retains them for 24 hours. You cannot use SOQL to query event messages, but you can use the EventLogFile object or the Event Monitoring feature to access them.

Inability to create a Lightning record page for platform events. Platform Events are not standard or custom objects, but a special type of sObject that can be inserted into the event bus. You cannot create a Lightning record page for platform events, but you can use Apex triggers, Lightning web components, or CometD clients to subscribe to them.

When you delete an event definition, it’s permanently removed and can’t be restored. An event definition is a metadata type that defines the schema and properties of a platform event message.You can create or modify event definitions in Salesforce Setup or using Metadata API. However, if you delete an event definition, it’s permanently removed from your org and can’t be restored. You also lose access to any event messages that use that eventdefinition.

The integration consultant should consider the following authorization and authentication needs while integrating the DMS and ESB with Salesforce:

Users should be authorized to view information specific to the customer they are servicing without a need to search for customer. This means that the integration should providea seamless and contextual access to the customer billing information and generated bills from the DMS and ESB, based on the customer record or case that the user is working on in Salesforce.

Consider Enterprise security needs for access to DMS and ESB. This means that the integration should comply with the security policies and standards of the Enterprise, such as encryption, auditing, logging, monitoring, etc.

Users should be authenticated into DMS and ESB without having to enter username and password. This means that the integration should use a single sign-on (SSO) mechanism that allows users to access multiple systems with one login credential, such asOAuth or SAML34

The integration consultant should consider the following authorization and authentication needs while integrating the DMS and ESB with Salesforce:

Users should be authorized to view information specific to the customer they are servicing without a need to search for customer. This means that the integration should provide a seamless and contextual access to the customer billing information and generated bills from the DMS and ESB, based on the customer record or case that the user is working on in Salesforce.

Consider Enterprise security needs for access to DMS and ESB. This means that the integration should comply with the security policies and standards of the Enterprise, such as encryption, auditing, logging, monitoring, etc.

Users should be authenticated into DMS and ESB without having to enter username and password. This means that the integration should use a single sign-on (SSO) mechanism that allows users to access multiple systems with one login credential, such as OAuth or SAML.

Using a Connected App for each external system integration is a good solution because it can provide security, auditing, and monitoring features for each integration. A Connected App is an application that can connect to Salesforce using APIs and OAuth as an authentication protocol. A Connected App can also enforce policies such as IP restrictions, login hours, and session timeout for each integration. Using a shared integration user for the three external system integrations is not a good solution because it violates the principle of least privilege, as well as makes it difficult to audit the activities of each system. Using a shared Connected App for the three external system integrationsis also not a good solution because it does not allow for granular control and visibility of each integration. Using a unique integration user for each external system integration is not enough to meet the security and auditing requirements, as it does not provide any mechanism for authentication, authorization, or encryption. Reference: Salesforce Integration Architecture Designer Resource Guide, page 20-21

The system constraint questions that should be considered when designing an integration to send orders from Salesforce to a fulfillment system are related to the performance, reliability, and scalability of the integration. The latency and idempotency of the integration are important factors that affect these aspects. Therefore, the questions A and D are relevant for the integration design. The question B is related to the business logic of the order validation, which is not a system constraint question. The question C is related to the implementation details of the Outbound Messaging interface, which is not a system constraint question either

The integration architect should recommend using Salesforce Connect to display the financial transactions as an external object. SalesforceConnect is a feature that allows you to integrate external data sources with Salesforce and access them in real time via external objects. External objects are similar to custom objects, but they store metadata only and not data. You can use external objects to display data from the core banking system in the customer community without copying or syncing the data. You can also use standard Salesforce features, such as reports, dashboards, or global search, with external objects. Salesforce External Serviceis a feature that allows you to import an external schema definitionand generate an Apex wrapper class that can invoke an external service. This is useful for integrating complex business processes or workflows with Salesforce, but not for displaying datain a community lightning page. Iframe is a HTML element that allows you to embed another web page within a web page. This is not a recommended solution for displaying data in a customer community, as it can pose security risks, performance issues, or userinterface problems.

The Data Virtualization pattern allows Salesforce to access external data sources without storing the data in Salesforce. This reduces the data storage and synchronization costs and enables real-time access to the historical data. Salesforce Connect can be used to consume OData endpoints exposed by the ESB tool and display the external objects as related lists or custom components on the Case object

Change Data Capture is a feature that enables you to receive near-real-time changes of Salesforce records, including create, update, delete, and undelete operations. Change Data Capture retainschange events in the event bus for up to three days, so you can resume data replication from the point of failure. Change Data Capture also provides a consistent and reliable way to synchronize data changes with external systems, without the need for custom triggers or code. Reference: Salesforce Integration Architecture Designer Resource Guide, page 24

 Idempotent design means that the same request can be repeated multiple times without changing the outcome. This is useful for avoiding duplicate orders in case of network failures or timeouts. By implementing idempotent design, the sales representatives can retry the order(s) in question without creating duplicates in the manufacturing system. Outbound messaging is not a reliable solution because it does not guarantee delivery or acknowledgement of messages. Scheduled apex is not a real-time solution and may not catch all the duplicate or missing orders

A microservice architecture is a way of designing software applications as a collection of loosely coupled services, each of which implements a specific business function.Microservices enable modularity, scalability, and agility in software development, as well as easier testing and deployment. By breaking up the monolithic web service into smaller pieces, each responsible for a single integration, UC can decouple the systems and improve the performance of the integrations. For example, UC can use Salesforce Platform Events to publish and subscribe to events from Salesforce to the legacy billing application, the ERP application, and the data lake. This way, UC can avoid point-to-point integrations and leverage an event-driven architecture that reduces coupling and increases reliability12.

The other options are not as effective as option B. Option A does not address the root cause of the tight interdependencies between systems, and may not result in significant performance improvement. Option C may improve the throughput of data loading into Salesforce, but it does not solve the problem of coupling between systems. Option D mayreduce the latency and maintenance costs of the web service, but it does not change the design of the web service or the integrations.

This is because SSL/TLS mutual authentication is a security featurethat allows Salesforce to verify the identity of the client that connects to its API endpoint on port 8443. To enable this feature, you need to upload a client certificate to Salesforce and assign the “Enforce SSL/TLS Mutual Authentication” user permission to the users who need to access the company portal. The other options are not sufficient for this scenario because:

A, Enable My Domain and SSL/TLS, is a prerequisite for using SSL/TLS mutual authentication, but it does not ensure that all integrations use it. My Domain allows you to customize your Salesforce domain name and SSL/TLS provides encryption for your data in transit.

C, Generate a Self-signed Certificate, is a step that you need to do on the client side to create a certificate that can be usedfor SSL/TLS mutual authentication, but it does not ensure that allintegrations use it. You also need to upload the certificate to Salesforce and assign the user permission.

D, Generate a CA-signed Certificate, is an alternative to generating a self-signedcertificate, but it also does not ensure that all integrations use SSL/TLS mutual authentication. You still need to upload the certificate to Salesforce and assign the user permission.

The integration architect should consider whether the fulfillment system can make a callback into Salesforce and whether it can implement a contract-first Outbound Messaging interface. A callback is a wayfor the fulfillment system to send a response or an acknowledgment back to Salesforce after receiving an order1. This can help ensure data consistencyand reliability between the two systems. A contract-first Outbound Messaging interface is an approach where the integration is designed based on a predefined XML schema that defines the structure and content of the messages2. This can help ensure interoperability and compatibility between the two systems. The other two questions are not relevant for the integration architect to consider. The fulfillment system does not need to create new addresses within the Order Create service, as this is a function of Salesforce3. The product catalog data does not need to be identical at all times in both systems, as long as there is a mapping or synchronization mechanism to handle any discrepancies

Using an Enterprise Service Bus (ESB) to determine which shipping service to use, and transform requests to the necessary format is a good solution because it can provide routing, transformation, mediation, and orchestration capabilities for integrating different services. An ESB can also abstract the complexity and heterogeneity of the services from the client application, which simplifies the integration. Using Outbound Messaging to requestcosts and delivery times from Shipper delivery services with automated error retry is not a good solution because Outbound Messaging is a Salesforce-specific feature that uses SOAP web services, which may not be compatible with all shipping services. UsingAPEX REST Service to implement routing logic to the various shipping service is also not a good solution because it can introduce performance and scalability issues, as well as increase the maintenance cost and complexity of the code. Using Enterprise Service Bus user interface to collect shipper-specific form data is not a valid option because an ESB does not have a user interface component. Reference: Salesforce Integration Architecture Designer Resource Guide, page 16-17

The integration consultant should implement monitoring by identifying criticalbusiness processes and establishing automation to monitor performance against established benchmarks. This approach can help detect and diagnose any degradation in Salesforce performance, such as slow response time, high error rate, or low availability. The automation can use various tools and methods, such as platform events, event monitoring, health check, or third-party monitoring services123

 The best solutions for minimizing potential downtime for users in this situation are to use named credentials and an enterprise ESB. Named credentials allow you to store the URLand authentication parameters of an external service in one definition, and then use it in Apex callouts or declarative integrations. If the URL of the external service changes, you only need to update the named credential once, and all the integrations that use it will be updated automatically. An enterprise ESB is a middleware layer that acts as a broker between different systems and services. It can provide routing, transformation, orchestration, and monitoring capabilities for integrations. If the URL of an external service changes, you only need to update the ESB configuration once, and all the integrations that use it will be updated automatically. Option B is not correct because remote site settings only allow you to specify the domains that are allowed for callouts from your org. They do not store any authentication parameters or provide any routing or transformation capabilities. Option C is not correct because content security policies are used to control what resources can be loaded on a Visualforce or Lightning page. They do not store any authentication parameters or provide any routing or transformation capabilities. References:

NamedCredentials

Streamline and Secure: Mastering Named Credentials in Salesforce

Using Salesforce custom object, custom REST API and ETL is a better solution than using Salesforce standard object, REST API and ETL. A custom object can store the order information and provide more flexibility and control overthe data model, validation rules, triggers, etc. A custom REST API can be used to create orders in real time from Salesforce, using the ESB as a proxy to communicate with the legacy system. An ETL tool can be used to sync the order history and status fromthe legacy system to Salesforce, using the last modified date as a filter. This way, sales reps can see the order history and the most up-to-date information on current order status, and managers can run reports on order volumes and fulfillment timelines.A standard object, such as Order, may not meet all the business requirements and may require more customization than a custom object. A standard REST API may not provide enough security and error handling for creating orders in real time. Reference: Salesforce Integration Architecture Designer Resource Guide, page 18

Theintegration architect should recommend enforcing separate security protocols and return formats at the first tier of the API-led architecture. The first tier is also known as the experience layer, which is responsible for providing a tailored interface for each system of engagement. By enforcing security and format at this layer, the integration architect can ensure that each system of engagement can access the data in a secure and consistent way, without affecting the other layers.

Streaming API is the best option for sending real-time notifications of changes to Salesforce data. Streaming API uses a publish-subscribe model to push relevant data to subscribers without polling. Streaming API supports PushTopic events, which are based on SOQL queries that define the data changes to listen for. The affiliate company can subscribe to a PushTopic event on the NTO Salesforce org and receive notifications whenever the data that matches the query changes. This way, the affiliate company can be informed of any updates to the opportunities in the NTOSalesforce instance.

Option C is correct because Salesforce should be the system of record for their customers and prospects, as it is the CRM solution that the sales and service associates use to view and log their interactions with them. Salesforce can also integrate with the Marketing and ERP solutions to display relevant information from those systems, such as campaign history, invoices, and orders12

Option A is incorrect because ERP is not a suitable system of record for customers and prospects, as it is mainly focused on invoicing and order fulfillment. ERP may not have all the data that the sales and service associates need to interactwith them, such as contact details, preferences, activities, and opportunities. ERP may also have different datamodels and definitions than Salesforce and Marketing, which can cause data quality and consistency issues3

Option B is incorrect because Marketing is not a suitable system of record for customers and prospects, as it is mainly focused on email campaigns. Marketing may not have all the data that the sales and service associates need to interact with them, such as account information, service cases, contracts, and quotes. Marketing may also have different data models and definitions than Salesforce and ERP, which can cause data quality and consistency issues.

Option D is incorrect because creating a new custom database for customers and prospects is not a feasible orefficient solution, as it would require additional development, maintenance, and integration costs. It would also create another layer of complexity and potential data duplication in the system landscape. Salesforce already provides a robust and flexibleplatform for managing customer and prospect data, which can be easily customized and integrated with other systems.

Create a special user solely for the integration purposes. This is the first thing that the Architect should do when building a solution that allows a service to access Salesforcethrough the API. Creating a special user for the integration purposes can help to ensure security, accountability, and traceability of the API calls. The special user should have a unique username, password, security token, and profile that grants only thenecessary permissions and access for the integration. The special user should also be assigned to an API-only user license type that prevents logging in to the Salesforce UI. References: Certification - Integration Architect - Trailhead, [User Licenses], [API User Permission]