Salesforce Developer Interview Questions at 🏦 American Express

 

A GradX Academy student recently attended a Salesforce Developer interview at American Express on July 1, 2024, and shared some of the most challenging and technical questions they encountered.

If you're preparing for a similar role, reviewing these questions along with detailed answers and best practices will give you an edge. Let's dive in!

---

1️⃣ How does Sharing & Security impact API access in Salesforce?

Answer: Sharing & security settings in Salesforce affect API access by determining what data users or external systems can access:

🔹 Profiles & Permission Sets: Control CRUD (Create, Read, Update, Delete) operations on objects.
🔹 Sharing Rules & OWD (Org-Wide Defaults): Define record visibility. APIs will respect these settings.
🔹 API User & Integration User Permissions: API requests can be limited by user permissions.
🔹 OAuth & Connected Apps: API authentication is controlled via OAuth scopes.
🔹 Field-Level Security (FLS): API responses omit fields that the user doesn't have access to.

✅ Best Practice: Use the WITH SECURITY_ENFORCED clause in SOQL queries to enforce security.

SELECT Name, Email FROM Contact WITH SECURITY_ENFORCED

---

2️⃣ How do you handle parent-to-child and child-to-parent communication in LWC?

Parent-to-Child Communication:

Use @api decorator to expose properties in the child component.

// Parent Component (parentComponent.html)
<c-child-component message="Hello from Parent"></c-child-component>

// Child Component (childComponent.js)
import { api, LightningElement } from 'lwc';
export default class ChildComponent extends LightningElement {
    @api message;
}

Child-to-Parent Communication:

Use Custom Events.

// Child Component (childComponent.js)
this.dispatchEvent(new CustomEvent('messagechange', { detail: "Hello Parent" }));

// Parent Component (parentComponent.html)
<c-child-component onmessagechange={handleMessage}></c-child-component>

// Parent Component (parentComponent.js)
handleMessage(event) {
    console.log('Received:', event.detail);
}

---

3️⃣ Queueable Apex vs. Future Methods vs. Batch Apex—When to Use What?

✅ Best Practice: Use Queueable Apex instead of Future Methods for better flexibility.

public class AsyncJob implements Queueable {
    public void execute(QueueableContext context) {
        System.debug('Running Queueable Apex');
    }
}

To enqueue:

System.enqueueJob(new AsyncJob());

---

4️⃣ How do you ensure security while integrating an external system with Salesforce?

🔹 Use OAuth 2.0 for authentication instead of hardcoding credentials.
🔹 Implement Named Credentials for secure API calls.
🔹 Limit API Access using permission sets & IP restrictions.
🔹 Validate input data to prevent SOQL Injection.

Example of SOQL Injection Prevention:

String userInput = 'John';
String query = 'SELECT Id FROM Account WHERE Name = :userInput';

---

5️⃣ What authentication mechanisms are available for Salesforce REST API?

🔹 OAuth 2.0 (Preferred) - Secure, used for web apps and integrations.
🔹 Session ID - Extracted from the logged-in user session (not recommended for external apps).
🔹 Basic Authentication - Deprecated, avoid using username/password in requests.

OAuth Flow Example:

curl -X POST https://login.salesforce.com/services/oauth2/token \
-d "grant_type=password" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "username=your@email.com" \
-d "password=yourPasswordTOKEN"

---

6️⃣ What is Platform Event-Based Integration, and how does it work?

Platform Events enable real-time event-driven architecture.

Key Components:

1️⃣ Define Platform Event
2️⃣ Publish Event in Apex
3️⃣ Subscribe via Trigger or External System

Example of Publishing a Platform Event:

MyCustomEvent__e eventObj = new MyCustomEvent__e(
    Message__c = 'New Order Created');
EventBus.publish(eventObj);

✅ Use Case: Notify an external system in real time when an opportunity closes.

---

7️⃣ How do you debug and troubleshoot CPU time limits & heap size issues in Salesforce?

🔹 Use Limits Class:

System.debug('Heap Size Used: ' + Limits.getHeapSize());
System.debug('CPU Time: ' + Limits.getCpuTime());

🔹 Optimize Queries:
✅ Use Filters & Selective Queries
❌ Avoid SELECT * FROM Object

🔹 Use Collection Processing Instead of SOQL in Loops

Map<Id, Account> accountMap = new Map<Id, Account>(
    [SELECT Id, Name FROM Account WHERE Industry = 'Tech']
);

---

8️⃣ How do you handle API rate limits in Salesforce REST API?

✅ Best Practices:
🔹 Cache responses where possible.
🔹 Implement Exponential Backoff for retries.
🔹 Use Composite APIs to reduce calls.

Example of API Limit Check:

HttpResponse response = http.send(request);
Integer remainingCalls = Limits.getCallouts();
System.debug('Remaining API Calls: ' + remainingCalls);

---

9️⃣ What strategies can optimize REST API performance in Salesforce?

🔹 Enable Compression: Use Accept-Encoding: gzip in headers.
🔹 Use Composite API: Reduce multiple requests into one.
🔹 Paginate Results: Fetch records in batches.

Example: Composite API Usage

{
  "compositeRequest": [
    {
      "method": "GET",
      "url": "/services/data/v50.0/sobjects/Account"
    },
    {
      "method": "GET",
      "url": "/services/data/v50.0/sobjects/Contact"
    }
  ]
}

---

🔚 Final Thoughts

The Salesforce Developer interview at American Express was challenging and covered a wide range of Apex, LWC, API, and Security topics.

If you're preparing for a Salesforce Developer role, practice coding, understand integrations, and focus on security best practices.

📢 Have you faced similar interview questions? Drop your thoughts in the comments!

🔗 Share this with fellow Salesforce Developers preparing for their next big opportunity!

#Salesforce #SalesforceInterview #SalesforceDeveloper #APIIntegration #LWC #Apex #AmericanExpress #GradXAcademy