Documo eFax + Salesforce Integration, A Complete Setup Guide

Salesforce

5 MIN READ

July 9, 2026

Loading

automate efax in salesforce

Fax machines were supposed to disappear a decade ago. Instead, healthcare providers, law firms, insurers, and government agencies still depend on eFax daily because it remains a legally recognised, compliance-friendly way to exchange documents. The catch is that fax has always lived in its own bubble, arriving in a separate portal, creating no CRM record, and forcing agents to bridge two systems by hand.

Documo removes that bubble. As a cloud-native eFax platform with a full REST API and real-time webhook delivery, it can integrate directly with Salesforce, the world’s leading CRM. This blog covers a complete, production-grade, bidirectional integration, spanning inbound faxes that create Salesforce Cases automatically and outbound faxes sent from a Lightning Web Component. Here is how the full stack fits together.

Why This Integration Matters Now

Digitizing communication channels inside the CRM is no longer optional; it is the baseline expectation. A global survey by Harvard Business Review Analytic Services found that 94% of respondents say that digitizing workflows is important to their organization, and organizations doing this well reported gains in efficiency, streamlined processes, better tool access, and improved collaboration.

An eFax number is one of the last paper-adjacent channels still running outside the CRM. Every fax that lands in a standalone portal instead of a Case record is a small workflow gap, and gaps like this compound across a support team. Connecting Documo to Salesforce closes that gap directly, turning a legacy compliance channel into a fully tracked, automated part of the CRM.

Automate Inbound Fax Now

Architecture at a Glance

The integration runs both ways. An inbound fax triggers a Documo webhook that calls a Salesforce Apex REST endpoint, creating a Case and attaching the document automatically. An outbound fax originates from a Lightning Web Component, calling an Apex controller that invokes the Documo REST API through a Named Credential.

documo salesforce integration

Step 1: Documo Platform Setup

Provision a toll-free eFax number. Log into the Documo portal and go to Numbers → Add Number, select Toll-Free, choose a country, and complete provisioning. This number becomes the single inbound channel for all fax communication. Note its unique identifier for use in Custom Metadata later.

Generate a Documo API key. Go to Settings → API Keys → Create API Key and copy it immediately, since it is shown only once. This key authenticates every outbound callout from Salesforce to Documo and should live inside a Salesforce External Credential, never in Apex source code.

Configure the inbound webhook. Under Webhooks → Create Webhook, set the event type to fax.received and point the URL at your Salesforce Apex REST endpoint. Generate a strong random secret for this webhook. Documo signs every payload using HMAC-SHA256 with that secret and sends the resulting signature in a request header, which the Apex endpoint validates on every call before processing anything. Store this secret in Custom Metadata.

Step 2: Salesforce Connected App, Client Credentials Flow

The OAuth 2.0 Client Credentials Flow is the right mechanism for machine-to-machine integration with no user interaction. Documo posts its credentials directly to the Salesforce token endpoint, receives a Bearer access token, and includes that token in the Authorization header of every webhook call. No certificates, redirect URIs, or authorization codes are involved.

Create the Connected App. Under Setup → App Manager → New Connected App, enable OAuth Settings, add the API and offline access scopes, and enable the Client Credentials Flow. Retrieve the Consumer Key and Consumer Secret from Manage Consumer Details afterward.

Assign a run-as user and set IP Relaxation. Under Manage → Edit Policies, set Run As to a dedicated integration user with API access, create permissions on Case, ContentVersion, and ContentDocumentLink, and Apex class access for the handler and controller. Set IP Relaxation to Relax IP restrictions, since Documo’s token requests come from cloud infrastructure without fixed IPs.

Hand over credentials. Give Documo’s webhook configuration the Salesforce token endpoint URL, Consumer Key, Consumer Secret, and grant type. These values should never touch code or version control.

Close The CRM Gap

Step 3: External Credential and Named Credential

Named Credentials manage outbound callout authentication correctly, since secrets stay encrypted and resolve at runtime rather than being hardcoded.

Build the External Credential. Under Setup → Named Credentials → External Credentials → New, set the Authentication Protocol to Custom, create a principal, and add the Documo API key with the Bearer prefix as an authentication parameter. Grant External Credential Principal Access through a permission set assigned to the run-as user and anyone sending outbound faxes.

Create the Named Credential and Remote Site Setting. Point the Named Credential at the Documo REST API base URL, link it to the External Credential, and enable formula support in headers and body. In Apex, the key is injected at callout time through a merge field and never appears in source code. Finally, add the Documo API domain as an active Remote Site under Setup → Remote Site Settings.

Step 4: Custom Metadata Type

Custom Metadata Types are the correct mechanism for deployable, version-controlled configuration, since they move through change sets and unlocked packages without the governor limit concerns of Custom Settings. Create a type such as Documo_Config under Setup → Custom Metadata Types → New, with an encrypted text field for the Webhook Secret, a text field for the Account UID, and a text field for the Default Fax Number. Populate one default record with all three values. This record gets queried at runtime by the configuration provider class.

Step 5: Apex Implementation

The Apex layer is structured as nine classes with clear separation of concerns: an exception type, wrappers for the webhook payload and outbound fax request/response, a configuration provider that reads and caches Custom Metadata, a service class handling HTTP callouts through the Named Credential, a processor that creates the Case and attaches the file, a @RestResource webhook handler, and an @AuraEnabled outbound controller.

Key security patterns. HMAC signature validation runs first in the webhook handler, so any request with a missing or mismatched signature is rejected with HTTP 422 before any DML or callout executes. Named Credential merge fields handle every Authorization header, so the API key never appears as a string literal. Input validation is layered across the LWC, the request wrapper, and the controller’s regex check, and with sharing on the outbound controller stops agents from sending faxes off records they cannot access.

Step 6: Lightning Web Component

The documoOutboundFax LWC deploys to Record Pages and App Pages. It offers a recipient fax number input with client-side regex validation, a read-only sender number populated via a wire call, an optional cover note, a PDF-only file input capped at 10 MB, and Send and Clear buttons with loading states and toast notifications. The component reads the file as Base64 through the FileReader API and validates everything client-side before any server call fires.

Build It With Ksolves

Step 7: Deployment Checklist

Documo and Salesforce

  • Toll-free number provisioned
  • API key stored in an External Credential
  • Webhook created for fax received with the HMAC secret in Custom Metadata
  • Remote Site Setting active
  • Named Credential linked
  • Permission set assigned to the run-as user

Connected App, Apex, and LWC

  • Client Credentials Flow enabled with a dedicated run-as user
  • All nine Apex classes deployed with the REST endpoint path matching Documo’s webhook URL exactly
  • The documoOutboundFax component added to the target record page

End-to-End Validation

  • Send a test fax and confirm a Case appears within seconds with the PDF attached
  • Open the LWC, send a test fax, and confirm the success message and fax ID display correctly

Security Summary

Client Credentials Flow handles authentication between Documo and Salesforce without certificates or interactive login. HMAC-SHA256 validation adds a second, independent layer of trust on the inbound webhook. Named Credentials keep the Documo API key encrypted and out of source code or logs, with rotation requiring only a single field update, while with sharing on the outbound controller enforces record-level security throughout.

Ksolves: Bringing This Kind of Integration to Your Salesforce Org

Projects like this rarely stop at connecting two APIs. They involve OAuth design, secret management, deployable configuration, and a UI layer that agents actually enjoy using. This is exactly the kind of work our Salesforce Consulting Services team handles for clients who want their CRM to absorb legacy channels instead of working around them.

Ksolves is a top-notch Salesforce Partner and an AI-first company, so integrations like this are built with automation and intelligent workflow design from the ground up. Whether it is eFax, a legacy document system, or a custom AI layer inside Salesforce, our team scopes, builds, and deploys it with the same rigor shown here. Engagements like this typically run through our Salesforce Professional Services team, who scope the Apex, security, and UI layers together.

Conclusion

Connecting Documo eFax to Salesforce turns a channel that has always sat outside the CRM into a fully automated, auditable part of it. Every inbound fax becomes a Case with the document attached in seconds. Every outbound fax goes out in a few clicks, with no portal switching and no secrets sitting in code.

If your organization still treats fax as a side channel, it may be time to bring it into Salesforce properly. Talk to Ksolves to see how it fits your org or send us your query at sales@ksolves.com.

loading

author image
ksolves Team

Author

About the Author Editorial Team The Ksolves Editorial Team includes certified Salesforce experts, Big Data engineers, AI/ML specialists, Zoho consultants, and experienced technology writers focused on delivering clear, actionable insights for modern businesses. With hands-on experience across Salesforce, Big Data platforms, AI/ML solutions, application development, software testing, and Zoho ERP/CRM, the team publishes practical guides, real-world use cases, and industry updates that support smarter decisions and faster growth. Every article is created to solve business challenges, guide technology adoption, and keep organizations aligned with evolving digital ecosystems.

Leave a Comment

Your email address will not be published. Required fields are marked *

(Text Character Limit 350)

Frequently Asked Questions

What is the Documo and Salesforce integration?

The Documo and Salesforce integration connects Documo’s cloud eFax platform to Salesforce so inbound faxes automatically create Cases with attached documents, and outbound faxes can be sent directly from a Lightning Web Component. It uses OAuth 2.0 Client Credentials Flow, HMAC-signed webhooks, and Named Credentials to keep the connection secure and machine-to-machine, with no manual login required.

What happens if a fax number isn’t connected to Salesforce?

Without a Salesforce connection, every fax stays isolated in the Documo portal with no CRM record, so agents have to check a second system and manually copy documents into a Case. This creates workflow gaps that compound as fax volume grows, particularly in healthcare, legal, and insurance teams that rely on fax daily.

How does an inbound fax become a Salesforce Case automatically?

Documo sends a webhook to a Salesforce Apex REST endpoint the moment a fax arrives, and that endpoint validates an HMAC-SHA256 signature before creating a Case and attaching the fax as a file. The entire process, from Documo receiving the fax to a Case appearing with its document, completes within seconds.

Is OAuth Client Credentials Flow better than a standard login-based Connected App for this kind of integration?

Yes, for machine-to-machine integrations like Documo’s webhook calls, the Client Credentials Flow is a better fit than a standard login-based Connected App because there’s no human user, redirect URI, or authorization code involved. Documo authenticates directly against the Salesforce token endpoint and receives a Bearer token for every call.

How long does it take to set up a Documo eFax to Salesforce integration?

A production-grade Documo to Salesforce integration, covering Connected App setup, Named Credentials, Custom Metadata, nine Apex classes, and a Lightning Web Component, typically takes a few weeks depending on org complexity and existing permission structures. Ksolves builds these integrations end-to-end, including HMAC validation and deployment checklists, to keep timelines predictable.

Who can build a custom eFax to Salesforce integration?

A Salesforce consulting partner experienced in Apex REST, OAuth flows, and Named Credentials can build a custom eFax integration like this one. Ksolves is a Salesforce Summit Partner that designs and deploys integrations connecting legacy communication channels, such as eFax, directly into Salesforce Cases and automated workflows.

Does adding eFax to Salesforce require ongoing maintenance?

Ongoing maintenance is mostly limited to rotating the Documo API key stored in the External Credential and monitoring webhook delivery, since Named Credentials keep secrets out of Apex source code entirely. Most teams handle this with a single field update rather than a code deployment.

Have more questions about connecting Documo to Salesforce? Contact our team for a free consultation.

Copyright 2026© Ksolves.com | All Rights Reserved
Ksolves USP