Logging to Slack
RFLIB can post a notification to a Slack channel whenever a log event is published at or above a configured severity threshold. The integration uses a Slack Incoming Webhook and Salesforce Named Credentials to keep the webhook URL secure.
- A Slack workspace where you have permission to create apps and Incoming Webhooks
- Salesforce org with RFLIB v10.2.0 or later deployed
- Permission to manage Named Credentials in Salesforce Setup
- Go to api.slack.com/apps and click Create New App → From scratch.
- Give the app a name (e.g.
RFLIB Logger) and select your workspace. - In the left sidebar, click Incoming Webhooks and toggle Activate Incoming Webhooks to On.
- Click Add New Webhook to Workspace, select the channel where notifications should appear, and click Allow.
- Copy the generated webhook URL — it looks like:
https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXXKeep this URL private. It acts as a bearer token — anyone with it can post to your channel.
The webhook URL must be stored as a Named Credential so it is never visible in code, Custom Settings, or SOQL queries. In the modern Salesforce model a Named Credential references an External Credential, so this step has three parts: create the External Credential, add a Principal, then create the Named Credential.
-
In Salesforce Setup, search for Named Credentials and open it.
-
Select the External Credentials tab and click New.
-
Fill in the fields:
Field Value Label SlackName SlackAuthentication Protocol No AuthenticationThe Slack Incoming Webhook URL is itself the bearer token, so no additional authentication protocol is required.
-
Click Save.
-
On the Slack External Credential detail page, scroll to the Principals section and click New.
-
Set the Parameter Name to
RFLIB Slackand leave the Sequence Number as1. -
Click Save. The Principal's Authentication Status should show Configured.
The running user (or the Automated Process user, depending on how the RFLIB Log Event Handler flow runs) must be granted access to the Slack External Credential through a Permission Set. Without this access, callouts fail with an authorization error.
-
Back on the Named Credentials tab, click New.
-
Fill in the fields:
Field Value Label RFLIB Slack IntegrationName RFLIB_SLACK_WEBHOOK(must match exactly)URL Paste the Slack webhook URL from Step 1 Enabled for Callouts Checked External Credential Slack -
Click Save.
Sandbox vs Production: Named Credentials are org-specific. You must create this credential separately in each sandbox and in production. Using different webhook URLs per environment lets you route sandbox notifications to a dedicated
#rflib-logs-sandboxchannel.
-
In Salesforce Setup, search for Custom Settings and open
rflib_Logger_Settings__c(Logger Settings). -
Click Manage, then either edit the existing org default or click New to create one.
-
Set the Slack Log Level field to the minimum severity that should trigger a notification:
Value Behaviour NONEDisabled — no Slack notifications sent (default) FATALOnly FATAL events ERRORERROR and FATAL events WARNWARN, ERROR, and FATAL events INFONot supported (clamps to WARN at runtime) Most teams start with
ERRORorWARN. -
Click Save.
The Slack Log Level setting is a Hierarchy Custom Setting, meaning it can be overridden at the Profile or User level if finer-grained control is needed.
When a rflib_Log_Event__e Platform Event is published, the RFLIB Log Event Handler flow fires. If the event's level meets the configured Slack Log Level threshold, rflib_SendLogEventSlackAction posts a Block Kit message to the configured Slack channel.
The message includes:
- Log level (in the header)
- Org Name — the name of the Salesforce organization
- Created By — the Salesforce User ID that triggered the event
- Context — the logger context string
- Request ID — the transaction request ID for correlation
- Log Messages — the log output (truncated from the beginning at 2,800 characters so the exception at the tail is visible)
- Platform Info — governor limit snapshot in formatted JSON (truncated at 2,800 characters)
A delivered notification looks like this in Slack:
Execution order in the flow:
Platform Event fires
│
▼
Log to HTTP Endpoint (rflib_HttpCalloutLogAction)
│ ← fault skips to next step
▼
Send Log Event to Slack (rflib_SendLogEventSlackAction) ← NEW
│ ← fault skips to next step
▼
Archive Log Event (rflib_ArchiveLogAction)
│ ← fault skips to next step
▼
Send Log Event Emails (rflib_SendLogEventEmailAction)
Each step has a fault connector that continues to the next action, so a Slack failure never prevents archiving or email from running.
- Verify the Named Credential name is exactly
RFLIB_SLACK_WEBHOOK(case-sensitive). - Confirm Slack Log Level in Logger Settings is not
NONEand matches the severity of the events you are generating. - Check the rflib_Application_Event__c object for records with
Event_Name__c = 'rflib-slack-log-event-failed'— these capture failure details including HTTP status codes and exception messages.
The webhook URL in the Named Credential may be incorrect or the webhook may have been revoked. Regenerate the webhook in Slack and update the Named Credential URL.
Slack enforces a 3,000-character limit per text block. RFLIB truncates log messages from the beginning (not the end) at 2,800 characters so the exception at the tail is always visible in Slack, prefixing the block with [TRUNCATED]. Platform info is also truncated at 2,800 characters. This is expected behaviour for very verbose log events. Consider raising the General Log Level setting to reduce noise captured in events.
Raise the Slack Log Level threshold (e.g., from WARN to ERROR). You can also set a user- or profile-level override in Logger Settings to suppress Slack notifications for high-volume automated processes.
- The webhook URL is a secret. Store it only in the Named Credential — never in Custom Settings, Apex code, or Custom Metadata.
- Restrict edit access to the Named Credential to System Administrators only.
- Log messages processed by RFLIB are subject to masking rules (
rflib_Masking_Rule__mdt) before the Platform Event is published, so sensitive data masked at the logger level will not appear in Slack. - Rotate the webhook URL periodically via the Slack app settings and update the Named Credential accordingly.