For larger broker agencies on Salesforce, Velora supports bidirectional sync into Sales Cloud (Lightning) including custom objects. We read Accounts / Contacts / Opportunities via REST API, write Tasks for every channel send + reply, and write Events for meeting bookings.
Two connection paths: (1) paste a Salesforce session/access token into /admin/settings → Integrations → Salesforce (Production or Sandbox toggle); (2) OAuth via Velora's Connected App — `/api/auth/salesforce/start?env=production|sandbox` + `/callback` are scaffolded and ready to enable once the Connected App passes Salesforce's review. The OAuth path captures the org-specific `instance_url` automatically so subsequent API calls land on the right host.
Salesforce-specific defenses are built in regardless of auth method: SOQL injection-safe parameterization, per-field whitelist on writes, and LIMIT clamping on reads to avoid pulling unbounded result sets through the API governor.