# Security

## Remote Callouts

In order to retrieve data from the customer's data platform, our Apex code invokes [HTTP Callouts](https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_callouts_http.htm) directly to those endpoints.

During connection configuration, [Named Credentials](https://help.salesforce.com/s/articleView?id=sf.named_credentials_about.htm\&type=5) are created which grant our Apex code the privilege to call those endpoints. No other endpoints are called by Omnata code, and this is also enforced by the Apex runtime.

## Connection Settings

Non-sensitive connection parameters (e.g. database names), are stored in Custom Metadata Types.

## Credential Storage

All sensitive credentials are stored in Named Credentials, and are not retrievable. Per Salesforce best practises, credentials are applied to outbound connections by using [Callout Endpoints](https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_callouts_named_credentials.htm).

In addition to this, when Snowflake JWT Authentication is used, a Self-Signed certificate is generated in Salesforce and used by the Named Credentials. During setup, the certificate's public key is assigned to the Snowflake user.

## Data Storage

Data accessed by External Objects is not cached or stored on the Salesforce platform, and instead is always read on demand.

## Architecture diagram

<figure><img src="/files/P5cpZ4KmPZPILTdtgdJT" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.omnata.com/omnata-product-documentation/omnata-connect-for-salesforce/security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.