We’re a worker-owned agency that designs, builds and supports websites for organisations we believe in.

Integrating Salesforce with Drupal

Are you already using Salesforce, or considering it?

You're not alone! Salesforce is a very popular, on-demand (aka Software as a Service aka SaaS), multi-purpose CRM with free and subsidised subscription options for eligible non-profits provided by Salesforce's Power of Us Program.

We're agnostic about the CRMs and other systems and services that our clients use, but we've seen a steady uptick in requirements for Salesforce integration from our clients and others like them in recent years, so thought it might be helpful to share some of our experience.

Why integrate Salesforce with Drupal?

You’ve got Salesforce set up, you’ve migrated your data over from your previous CRM (or whatever you were using before), and it’s now the single source of truth for data on your members / donors / supporters / customers (delete as applicable).

That’s great. But you know there’s data in Salesforce that you would really like to display on, or make editable via, your website. For example: you’re a membership organisation and you need to be able to maintain an up-to-date directory of your members on your website; or perhaps you would like your members to be able to view and update the data you hold on them through a self-service website account. There are lots of possibilities anyway, and the less admin for you and your team the better.

There be dragons!

So you want to integrate Salesforce with your website? Sounds good. But before diving head-first into your integration options there are a few things you’ll need to consider…

Data integrity

The data in your CRM is business-critical stuff and you want to be sure to avoid anything that threatens the integrity of this data. Poorly planned and implemented integrations have the potential to corrupt or even destroy your Salesforce data.


Integrating Salesforce with Drupal means opening up a potential security vulnerability which could result in attackers gaining access to your Salesforce data via the integration.


Don’t forget whose data you’re dealing with. If your integration results in the transfer of your customer’s data to your Drupal application you might be acting outside of your data protection and privacy policy.


The continuous availability and responsiveness of Salesforce and its APIs should not be assumed, so integrations need to be designed and implemented in a way that handles any service interruption at the Salesforce end while maintaining a good experience for your users.

Development environment

Regardless of the integration option you decide to pursue, you’ll want to have access to a Salesforce sandbox so you can test without any risk to your live data. Not all Salesforce licenses include access to a sandbox so this is something you’ll want to confirm with them at the outset.


It should go without saying – but we’ll say it anyway – that once an integration is in place it’s vital that you keep on top of the on-going maintenance of both the integration and Drupal with the timely application of security patches and module updates.

The Salesforce Suite module

Salesforce Suite is a well-established contributed module for Drupal and in most cases will be the bedrock of any integration between Drupal and Salesforce.


Access to the Salesforce REST API requires the client to take care of private keys and request access tokens, all of which can be a bit fiddly and if not done correctly can lead to security vulnerabilities. Fortunately, Salesforce Suite ships with sub-modules which makes authentication straight-forward.


The Mapping sub-modules provide a really neat way for Drupal site builders to ‘sync’ Drupal entities with Salesforce objects. For example, you could map the Salesforce Account object to a Drupal Organisation content type and have the module handle the pushing and pulling of data between Drupal and Salesforce. Mapping is a great tool to have at your disposal, but it’s important to be aware of its limitations to know when to deploy this approach.

The REST API wrapper

Salesforce Suite also provides developers with a PHP wrapper around the Salesforce REST API. This underpins the mapping functionality provided by the module but it’s also an incredibly useful tool on projects where a more advanced integration between Salesforce and Drupal is required.


FormAssembly is a ‘form builder’ SaaS that allows its users to create – you guessed it! – forms. What sets it apart from other ‘form builder’ services out there is a tight integration with Salesforce: administrators can wire their forms up to Salesforce objects which results in Salesforce data manipulation on form submission.

Sounds cooh, huh? Before you start going crazy with text areas and checkboxes, don’t forget that FormAssembly carries some of the same risks associated with any Salesforce integration – we’ve seen more than a few examples where a poor configuration has resulted in security vulnerabilities and threats to data integrity.

Drupal integration options

FormAssembly hosts your forms on so your simplest option is to just link to the form from your website. For a tighter integration you’ll want to look at embedding your form’s HTML and, as you’d expect by now, there’s a Drupal module for that. One consistent challenge with the latter approach is that FormAssembly’s opinionated styles make the form look good out-of-the-box™ but get in the way of making your FormAssembly forms stylistically consistent with your website’s design.

Thinking about integrating your Drupal website with Salesforce or another CRM?

Whatever stage you’re at, and whether you’re thinking about integrating Drupal with Salesforce or another CRM – Dynamics 365 we’re looking at you! – we’d love to have a chat about the options and help you find the way forward.

Drop us a line to and we’ll take it from there.

Meet the Authors
Back to blog