data-cloud-activation-development
Use this skill when building developer-driven Data Cloud activation surfaces: webhook Data Action Targets with HMAC-SHA256 signing, Salesforce Platform Event data actions, Data Cloud-Triggered Flows on DMO insert, or Marketing Cloud journey triggers. Triggers on: webhook data action target, Data Cloud triggered Flow not firing, HMAC secret key for data action, platform event from Data Cloud, DMO insert trigger. NOT for configuring standard admin-level Activation Targets (SFTP, ad platform segment publishing, CRM segment activation) — those require admin configuration skills, not this developer extensibility skill.
Best use case
data-cloud-activation-development is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using data-cloud-activation-development should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/data-cloud-activation-development/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How data-cloud-activation-development Compares
| Feature / Agent | data-cloud-activation-development | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Data Cloud Activation Development
This skill activates when a developer needs to build event-driven automations or external integrations triggered by Data Cloud DMO events. It covers Data Action Targets (Webhook, Salesforce Platform Event, Marketing Cloud) and Data Cloud-Triggered Flows, including HMAC security configuration, payload handling, event retention limits, and failure recovery patterns. It does NOT cover segment-level Activation Targets (SFTP, ad platforms) — those are admin activation tasks.
---
## Before Starting
Gather this context before working on anything in this domain:
- Data Cloud has two distinct activation surfaces: **Activation Targets** (segment-level, batch-publishing) and **Data Action Targets** (event-level, near-real-time). Developer work belongs in Data Action Targets.
- For webhook targets, the HMAC-SHA256 secret key is MANDATORY — omitting it silently causes the target to receive no payload. There is no error message.
- Data Cloud-Triggered Flows fire on DMO row **insertion** only. Updates to existing unified profile records do NOT trigger flows.
- Events are retained for only 4 days with no automatic retry on delivery failure.
---
## Core Concepts
### Data Action Targets vs. Activation Targets
**Activation Targets** publish segment membership in batch to external channels (Marketing Cloud, SFTP, ad networks, CRM). Configured by admins. Run on batch schedules.
**Data Action Targets** fire near-real-time when a Streaming Insight condition is met on a DMO. Three types:
- **Webhook** — HTTP POST to external endpoint, optionally HMAC-signed
- **Salesforce Platform Event** — publishes event to Salesforce event bus
- **Marketing Cloud** — fires a journey entry event via Journey Builder API
### HMAC-SHA256 Secret Key for Webhooks
Every webhook Data Action Target should have an HMAC-SHA256 secret key configured. The platform computes the signature as HMAC-SHA256 of the raw request body using the key and includes it in the `X-SFDC-Signature` request header. Receivers must verify this signature. If the key is missing, the platform silently drops outbound payloads — there is no error logged and no delivery occurs.
After changing or regenerating the key, allow up to 15 minutes for propagation before expecting correct signatures.
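Added example (not part of the original SKILL.md and not Salesforce code): a receiver-side verifier that keeps accepting the previous key only during the 15-minute propagation window described above, so a rotation does not reject in-flight events. `RotatingVerifier`, `sign` and `GRACE_SECONDS` are hypothetical names, and the hex-encoded signature is an assumption taken from the receiver snippet on this page.

```python
import hashlib
import hmac
import time
from typing import Optional

GRACE_SECONDS = 15 * 60  # propagation window stated on this page


def sign(secret: str, raw_body: bytes) -> str:
    # Hex HMAC-SHA256 over the raw bytes (encoding assumed from the page's snippet).
    return hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).hexdigest()


class RotatingVerifier:
    """Hypothetical helper: the old key is valid only inside the grace window."""

    def __init__(self, current_secret: str):
        self.current = current_secret
        self.previous: Optional[str] = None
        self.previous_expires = 0.0

    def rotate(self, new_secret: str, now: Optional[float] = None) -> None:
        now = time.time() if now is None else now
        self.previous, self.previous_expires = self.current, now + GRACE_SECONDS
        self.current = new_secret

    def verify(self, raw_body: bytes, sig_header: str,
               now: Optional[float] = None) -> Optional[str]:
        """Return 'current' or 'previous' for a valid signature, else None."""
        now = time.time() if now is None else now
        # Compare as bytes: compare_digest raises TypeError on non-ASCII str input.
        sig = sig_header.strip().lower().encode("ascii", "ignore")
        candidates = [("current", self.current)]
        if self.previous is not None and now < self.previous_expires:
            candidates.append(("previous", self.previous))
        matched = None
        for label, secret in candidates:
            # Evaluate every candidate so timing does not reveal which key matched.
            if hmac.compare_digest(sign(secret, raw_body).encode("ascii"), sig):
                matched = matched or label
        return matched
```

Logging the returned label shows when the platform has switched to the new key, at which point the old secret can be destroyed.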
### Data Cloud-Triggered Flows
Data Cloud-Triggered Flows bind an autolaunched Salesforce Flow to a specific DMO. They fire when a row is inserted into that DMO. The Flow receives the inserted record's fields as input variables. Since the trigger is insert-only, any downstream logic that must respond to profile updates needs an explicit re-insert pattern or must use Calculated Insights with delta detection.
### Event Retention and No Retry
Data Action Target events are retained for 4 days. If the target (webhook endpoint or Platform Event bus) is unavailable during event delivery, the event is not retried. External dead-letter queues or idempotent replay mechanisms must be built outside the Data Cloud platform.
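Added example (not from the original SKILL.md): a receiver-side durable inbox that stores each verified body before acknowledging it, ignores duplicate deliveries, and parks repeatedly failing events as dead letters for manual replay. It covers processing failures after receipt, not endpoint downtime. The table layout, function names, and the use of the body's SHA-256 as the dedup key are assumptions, since the payload schema is not shown on this page.

```python
import hashlib
import sqlite3


def open_inbox(path: str = ":memory:") -> sqlite3.Connection:
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS inbox ("
        " event_key TEXT PRIMARY KEY, body BLOB NOT NULL,"
        " status TEXT NOT NULL DEFAULT 'pending',"
        " attempts INTEGER NOT NULL DEFAULT 0)"
    )
    return db


def accept(db: sqlite3.Connection, raw_body: bytes) -> bool:
    """Persist an already-verified body; return False for a duplicate delivery."""
    key = hashlib.sha256(raw_body).hexdigest()  # assumption: body hash as dedup key
    with db:  # commit before the handler answers 2xx
        cur = db.execute(
            "INSERT OR IGNORE INTO inbox (event_key, body) VALUES (?, ?)",
            (key, raw_body),
        )
    return cur.rowcount == 1


def drain(db: sqlite3.Connection, handler, max_attempts: int = 3) -> dict:
    """Run handler on pending rows; rows that keep failing become 'dead'."""
    counts = {"done": 0, "retry": 0, "dead": 0}
    rows = db.execute(
        "SELECT event_key, body, attempts FROM inbox WHERE status = 'pending'"
    ).fetchall()
    for key, body, attempts in rows:
        try:
            handler(bytes(body))
            status = "done"
        except Exception:
            status = "dead" if attempts + 1 >= max_attempts else "pending"
        with db:
            db.execute(
                "UPDATE inbox SET status = ?, attempts = attempts + 1"
                " WHERE event_key = ?",
                (status, key),
            )
        counts["retry" if status == "pending" else status] += 1
    return counts
```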
---
## Common Patterns
### Pattern 1: Webhook Data Action Target with HMAC Verification
**When to use:** External system needs near-real-time notification when a DMO condition is met.
**How it works:**
1. In Data Cloud Setup > Data Action Targets, create a new Webhook target.
2. Enter the endpoint URL and set a strong HMAC-SHA256 secret key.
3. Create a Streaming Insight that defines the DMO condition.
4. Link the Streaming Insight to the Data Action Target.
Receiver-side HMAC verification:
```python
import hashlib
import hmac


def verify_payload(secret: str, raw_body: bytes, sig_header: str) -> bool:
    # Recompute HMAC-SHA256 over the raw request body, exactly as received.
    expected_sig = hmac.new(
        secret.encode("utf-8"),
        raw_body,
        hashlib.sha256
    ).hexdigest()
    # Constant-time comparison against the X-SFDC-Signature header value.
    return hmac.compare_digest(expected_sig, sig_header)


# In your webhook handler:
# sig = request.headers.get("X-SFDC-Signature", "")
# if not verify_payload(SECRET, request.get_data(), sig):
#     return 403
```
**Why not skip HMAC:** No HMAC key means no payload delivery and no security verification.
### Pattern 2: Data Cloud-Triggered Flow for Automated CRM Actions
**When to use:** A new unified profile DMO record should trigger CRM record creation or update.
**How it works:**
1. Build an autolaunched Salesforce Flow in Flow Builder with input variables matching DMO fields.
2. Activate the Flow.
3. In Data Cloud Setup > Data Cloud-Triggered Flows, create a new entry binding the Flow to the target DMO.
4. Activate the triggered flow binding.
5. When a new DMO row is inserted, the Flow executes with that record's data as inputs.
**Why not use record-triggered Flow:** Record-triggered Flows only watch standard Salesforce CRM objects, not Data Cloud DMOs.
---
## Decision Guidance
| Situation | Recommended Approach | Reason |
|---|---|---|
| Near-real-time external system notification | Webhook Data Action Target with HMAC | Event-level trigger with payload signing |
| Salesforce-internal automation on DMO event | Data Cloud-Triggered Flow | Native Flow, no external dependency |
| Segment membership push to ad platform | Admin Activation Target (not this skill) | Batch segment-level publishing |
| React to unified profile update | Re-insert pattern or CI delta | Triggered Flows fire on insert only |
| Reliable delivery despite endpoint downtime | External dead-letter queue + idempotent receiver | Platform has no auto-retry |
---
## Recommended Workflow
1. Confirm the use case is event-level (Data Action Target) vs. segment-level (Activation Target admin config).
2. Identify the target DMO and the triggering condition for the Streaming Insight.
3. For webhook targets: generate the HMAC-SHA256 secret key BEFORE creating the target. Set it during creation.
4. Create the Streaming Insight defining the DMO condition and link it to the Data Action Target.
5. For Triggered Flows: build and activate the autolaunched Flow, then create the Data Cloud-Triggered Flow binding in Data Cloud Setup and activate it.
6. Test by inserting a qualifying DMO record and verifying payload delivery or Flow execution.
7. Implement idempotent receivers and external retry/dead-letter handling for webhook targets.
---
## Review Checklist
- [ ] Data Action Target type correctly selected (Webhook, Platform Event, or Marketing Cloud)
- [ ] Webhook HMAC-SHA256 secret key configured — not blank
- [ ] Streaming Insight condition correctly defined and linked to target
- [ ] Triggered Flow is both activated (Flow) and enabled (Data Cloud-Triggered Flow binding)
- [ ] Flow handles insert-only DMO trigger; update scenario uses re-insert pattern
- [ ] Receiver implements HMAC verification against `X-SFDC-Signature` header
- [ ] External retry queue or dead-letter mechanism designed for webhook failures
- [ ] 15-minute HMAC propagation delay accounted for after key changes
---
## Salesforce-Specific Gotchas
1. **Missing HMAC Key Causes Silent Payload Drop** — No HMAC key on a webhook target means no payload is ever delivered. No error is surfaced in Data Cloud. Always configure the HMAC key at target creation time.
2. **Triggered Flows Are Insert-Only** — DMO row updates do NOT fire Data Cloud-Triggered Flows. Only new insertions do. This is a hard platform constraint, not a configuration option.
3. **15-Minute Key Propagation After Change** — After regenerating the HMAC secret key, up to 15 minutes elapse before the new key is applied. Plan rotations for low-traffic periods.
4. **No Auto-Retry on Delivery Failure** — Events retained for 4 days but not retried automatically. Endpoint downtime = lost events after retention window. External dead-letter queues are required for reliable delivery.
5. **Naming Confusion: Activation Targets vs. Data Action Targets** — Creating a webhook under the wrong menu (Activation Targets vs. Data Action Targets in Setup) creates a segment-level batch publisher, not an event-level trigger. These are different features with different menus in Data Cloud Setup.
---
## Output Artifacts
| Artifact | Description |
|---|---|
| Data Action Target | Webhook, Platform Event, or Marketing Cloud target configuration |
| Streaming Insight | DMO condition filter definition linked to target |
| HMAC verification code | Python/Node receiver-side signature check |
| Triggered Flow binding | Data Cloud-Triggered Flow entry in Setup |
---
## Related Skills
- data-cloud-integration-strategy — for the full ingestion pipeline upstream of activation
- data-cloud-query-api — for querying DMO data to understand activation source data
- platform-events-integration — for consuming Platform Events fired by Data Cloud Data Action Targets
- flow-for-slack — for Flow-based downstream notifications after Data Cloud trigger
Related Skills
sandbox-data-masking
Use this skill when configuring or reviewing Salesforce Data Mask to protect PII/PHI in partial or full copy sandboxes after a refresh. Trigger keywords: data mask, sandbox masking, PII in sandbox, GDPR sandbox, HIPAA non-production, mask contacts, obfuscate fields non-production. NOT for sandbox refresh mechanics (use sandbox-refresh-and-templates), NOT for production data anonymization, NOT for Shield Platform Encryption at rest.
gdpr-data-privacy
Use this skill when implementing GDPR or CCPA data privacy controls in Salesforce: Individual sObject linkage, consent tracking, Right to Be Forgotten (RTBF) requests, data subject request handling, and Privacy Center configuration. Trigger keywords: GDPR, data privacy, consent management, right to erasure, Individual object, ContactPointConsent, ShouldForget, data subject request, Privacy Center, data portability. NOT for general data quality cleanup, duplicate management, field-level encryption (see platform-encryption skill), or sandbox data masking (see sandbox-data-masking skill).
experience-cloud-security
Use when configuring access controls, sharing, or site security for authenticated or guest Experience Cloud (community) users: external OWD, Sharing Sets, Share Groups, CSP, clickjack protection, guest user record access. NOT for internal sharing model configuration (use sharing-and-visibility).
data-classification-labels
Classify Salesforce fields by data sensitivity and compliance category using the four built-in classification attributes (SecurityClassification, ComplianceGroup, BusinessOwnerId, BusinessStatus). Covers Metadata API deployment, Tooling API querying, and Einstein Data Detect recommendations. NOT for data masking, Shield Platform Encryption, or runtime access control enforcement.
customer-data-request-workflow
Implement GDPR/CCPA data subject rights (access, deletion, rectification) using Salesforce Privacy Center and/or custom workflow. NOT for general backup or org-level data retention policy.
omnistudio-deployment-datapacks
Use when exporting, importing, or version-controlling OmniStudio components using DataPacks via the OmniStudio DataPacks tool or vlocity CLI. Covers DataPack export/import, Git version control integration, CI/CD for OmniStudio. NOT for SFDX-based metadata deployment of non-OmniStudio components.
omnistudio-asynchronous-data-operations
Use Integration Procedures queues, DataRaptor Chain, and Remote Actions with async patterns for long-running OmniStudio flows. NOT for simple DataRaptor reads.
dataraptor-transform-optimization
Use when DataRaptor Transform operations are slow, hit governor limits, or use Apex where formula fields would suffice. Covers formula vs Apex expressions, bulk transform sizing, and chained transform composition. Triggers: 'dataraptor transform slow', 'dataraptor formula vs apex', 'dataraptor bulk transform', 'dr governor limit'. NOT for DataRaptor Extract or Load performance.
dataraptor-patterns
Use when designing or reviewing OmniStudio DataRaptors, especially Extract versus Turbo Extract versus Transform versus Load, field mapping strategy, performance tradeoffs, and when to move work into Integration Procedures or Apex. Triggers: 'DataRaptor Extract', 'Turbo Extract', 'DataRaptor Load', 'DataRaptor Transform', 'OmniStudio data mapping'. NOT for overall OmniScript journey design or Integration Procedure sequencing when the main question is not the DataRaptor shape itself.
lwr-site-development
Use this skill when building or customizing sites on the Lightning Web Runtime (LWR) in Experience Cloud — including component authoring, custom theming with --dxp hooks, layout components, and publish lifecycle management. Trigger keywords: build LWR site Experience Cloud, Lightning Web Runtime custom theme, LWR component development community, Build Your Own LWR template, Microsite LWR, lightningCommunity__Theme_Layout, --dxp styling hooks. NOT for Aura-based communities (Build Your Own Aura template). NOT for standard Experience Builder drag-and-drop configuration without code.
lwc-datatable-advanced
Advanced lightning-datatable patterns — inline edit + draftValues, custom cell types via extending LightningDatatable, sortable columns, infinite scroll with onloadmore, row-level errors, and the cost of large data sets. NOT for read-only display of small lists (plain lightning-datatable suffices) or fully custom grids (use a third-party library).
lwc-data-table
Use when designing or reviewing `lightning-datatable` usage in Lightning Web Components, including column configuration, stable `key-field` values, inline editing, row actions, infinite loading, and custom cell types. Triggers: 'lightning datatable inline edit', 'row actions in lwc datatable', 'key field missing', 'infinite loading in datatable'. NOT for highly custom virtualized grids or broad page-performance work outside the datatable boundary.