What is Spekit?

Spekit is a webapp that connects to your Salesforce org via OAuth, allowing you to import select metadata including objects, fields and pick-list values into the data wiki for documentation purposes. Certain object and field details are pulled from Salesforce whereas some are native to Spekit. 

The data wiki’s unique design can easily be searched, filtered and  shared with your end users who can access the info directly in Spekit or contextually using keyword match through the Chrome Extension. 

How does Spekit connect to Salesforce?

When setting-up Spekit, users with a System Administrator profile in Spekit can authenticate with Salesforce using OAuth. 

End-users have the option of signing in using Salesforce via OAuth or can sign-in directly with their Spekit email and password.

Does Spekit work in Salesforce Lightning and Classic?

Yes, the Spekit Chrome extension works both in Lightning and Classic versions of Salesforce. Our system also comes pre-loaded with Knowledge Cards that help you make the transition from Classic to Lightning. 

What metadata is imported into Spekit?

Spekit imports the following information about your fields:

For Objects: 

  • Label
  • Internal description (populates Definition field in Spekit and managed in Spekit after first sync) 
  • Fields located on the object
  • Record count for the object
  • Type (Custom or standard) 
  • SFDC API Name
  • SFDC setup link (to that object in Salesforce)

For Fields:

  • Label
  • Help text (populates Definition in Spekit and managed in Spekit after sync)
  • Field Type
  • Calculated Formula (for type = Formula)
  • Related Picklist Values (for type = Picklist) 
  • Required (Y/N)
  • Default value
  • SFDC API Name
  • SFDC setup link (to all fields view for that object) 

For Picklist values: 

  • Label
  • Parent Field

We also plan to pull in additional metadata types in upcoming releases

If you’re looking to import other types of metadata for documentation purposes, please share your use cases with zari@spekit.co.

Are there different roles in Spekit?

Yes, there are three different roles in Spekit that can be assigned to users.

Viewer: This role is designed for end-users who want to benefit from the definitions and rules documented in Spekit. Permissions include:

  • Read-only access with ability to search and filter the data wiki in Spekit
  • Chrome extension download and access.

Data Expert: This role is used to assign business owners in your organization to share their subject matter expertise on certain fields and terminology in the data wiki. Permissions include:

  • Viewer permissions
  • Create custom business terms
  • Edit definitions and business rules

Admin: This role has full edit and configuration access in Spekit. By default, any user with a System Administrator profile in Salesforce is assigned this role. Permissions include:

  • Data Expert permissions
  • Import objects
  • Import picklist values
  • User-management
  • Hide terms in data wiki 
Can you connect to Salesforce using my Sandbox?

Yes. When signing-up, users have the option to connect either using a Sandbox org or a Production org. 

Note that at the moment, data cannot be transferred between orgs. In other words, if you decide to connect your production org to Spekit after your Sandbox, you will have to contact support@spekit.co to have any of your work or Data Expert assignments transferred.

What types of objects can you import in Spekit?

In the Object Import screen, you have the option to import:

  • Standard Objects (visible by default)
  • Custom Objects (visible by default)
  • System Objects (manually sync to view options)
  • Installed Packages (manually sync to view options)
Do users need a Salesforce license to use Spekit?

No. While Spekit uses your Salesforce metadata as a baseline, the goal is to create a source of truth and reference for anyone in your organization to access around the information and definitions they need around your data points and business terminology.

To this end, any Spekit user can access the information in Spekit using the webapp or Chrome Extension, regardless of whether or not they have a Salesforce license.

Does Spekit maintain any version control system for my metadata?

While we should not be viewed as a system of metadata backup, we do store logs on certain changes made directly in Spekit. For example, we track Last Edited On in Spekit, Last Edited By in Spekit, Last Synced from SFDC, etc.

Login Issues

I’m getting a 500 error when trying to authenticate with Salesforce for the first time

Your organization likely enforces IP address restrictions at login. 

To confirm that the IP address is the issue, do the following:

  1. Log into Salesforce
  2. Go to Setup –> Manage Users –> Login History
  3. Look for your login attempt with Spekit by searching the Application Name column for Spekit. 
  4. The Status should read: ‘Restricted IP’ Error  
  5. Write down the IP address in Source IP column

Next, try the following:

1)  Create a Trusted IP range for Spekit in Network Access

  1. Go to Setup –> Security Controls –> Network Access
  2. Create a “New” trusted IP range for Spekit and enter the IP address you wrote down from the login attempt to your Trusted IP ranges in Network Access.
  3. Once that IP range is saved, try signing-in to Spekit again. 

2)  Enter IP address in User Profile

  1. If Login Fails after trying solution 1, see if the error message and IP address still remain the same.
  2. If yes, then go Manage Users –> Profiles –> Login IP Ranges
  3. Create a “New” trusted IP range for Spekit and enter the IP address.
  4. Once that IP range is saved, try signing-in to Spekit again. 

3) Append the Security Token with Password.

  1. From your personal settings, enter Reset in the Quick Find box, then select Reset Security Token
  2. The new security token is sent to the email address in your Salesforce personal settings.
  3. Try logging in again by appending the security token to your password.

If these solutions don’t solve it, please email support@spekit.co



How will the Spekit platform interact with client systems?

Spekit connects to your Salesforce instance(s) using the Describe, List, DescribeSObject, Retrieve Package, REST, Metadata and SOAP APIs. We extract the following information from your Salesforce instance(s):
• User profiles
• Salesforce organization info
• Object, field, picklist value counts
• Users (name, email, company name, ID URL, Salesforce ID, Last login date, title, department, division, employee number)
• All metadata details (describe API, list API)

The data is stored in an encrypted PostgreSQL database hosted on Amazon RDS. It is also indexed in our ElasticSearch servers (hosted on AWS EC2). Spekit performs searches on the fetched data to create a data dictionary and training tool for Salesforce users. Please see our privacy policy for details.

Does Spekit import all my metadata when I connect?

No. We only import your object metadata when you connect to let you pick and choose what you’d like to import and document.

Only once you choose to import specific objects into Spekit from the Manage Objects page do we import the associated fields and picklists. 

Does Spekit have access to my customer data through the Salesforce integration?

No. Our Salesforce integration only requires the “Modify Metadata” permission enabled. The application does not require “Modify all Data” permission which would grant access to your customer data stored in Salesforce.

Who is the point of contact for security-related questions?

Our Director of Engineering is primarily responsible for information security and can be contacted at security@spekit.co.

Does Spekit have a SOC 2 report, ISO 27001 certification, or other compliance documents?

Not at this stage. Our mid-term goals include ISO 27001 certification. Since we don’t pull any financial information, SOC 2 is not relevant to us.

Does Spekit use any third parties in providing this service? What are they and how does each service interacts with customer data?

Yes we do use third-party services to provide various services. All of our partners are Privacy Shield certified and have a privacy policy that protects customers under GDPR.

What procedures does Spekit have in place to determine whether a third party should have access to your customers’ data?

We don’t provide third-parties access to our customer data directly. The only access they get is in context of the services provided by the respective applications.

Before we engage with a third party, we ensure that the third-party has a privacy policy compliant with GDPR and/or is Privacy Shield certified.

Please describe the physical location(s) of customer data processed and stored by your system.

Amazon US East 2 (Ohio) and our office in San Francisco, CA.

How does the Spekit platform connect to customer systems? How are authentication credentials or tokens protected within the boundaries of your system?

We connect via Salesforce OAuth and store the refresh token from Salesforce in our database. We use transport and storage level security (TLS and AES256).

Is data that collected by the Spekit platform encrypted at rest?

Data is encrypted in transit (HTTPS) and in storage (AES256). The metadata from your Salesforce org stored in ElasticSearch is not encrypted, however, it is password protected and firewalled.

Can I control what sites I give the Spekit for Chrome extension access to?

Yes! You absolutely can.

Paste this address in your Chrome bar:


Scroll to the “Permissions” section and choose “On specific sites” from the column toggle.

Note that if you do this,  turning Spekit icons on new sites won’t work unless you add that site to the list here as well.

What controls are in place to protect the Spekit production network?

1. Our app is hosted on AWS EC2 and uses RDS for data storage
2. Our servers and databases are behind firewalls and Intrusion Prevention Software
3. Access to our servers is limited to certain whitelisted IPs

What data access points does Spekit require and how are they restricted?

Databases can currently only be accessed from our application servers. The credentials to the servers and databases are provided on a strictly need basis.

The application can have certain administrative users for customer support roles. These users will be restricted to using the application via web and/or mobile interfaces and will not be able to access the underlying servers and/or databases directly.

How is access to production infrastructure managed?

1. The production databases are hosted on AWS RDS and as such, it is not possible to access the underlying operating system. The databases are currently only accessible via the application servers.
2. The application servers can be accessed from certain whitelisted IP addresses via SSH

Is there a process for Spekit employees to request and provision access to production infrastructure?

All requests for privilege escalation and/or access to the production infrastructure go through the Tech Lead, the CPO and the CEO.

Are access privileges reviewed on a periodic basis?

Yes, we have a quarterly review of access privileges and plan to make this more frequent as our team grows.

What steps has Spekit taken to prevent the introduction of malicious software to employee workstations and production servers?

Our production servers are hosted by AWS and are behind firewalls and Intrusion Prevention Software.

Our employees: 1) Have two-factor authentication enabled on all sites that support it, 2) Are aware of phishing attacks and other common vectors, 3) Must gain approval before installing any third-party software on Spekit systems

How often are employees required to complete security awareness training?

We have a quarterly online security awareness training that all employees must take.

What is Spekit’s security incident response process, including procedures for capturing, documenting, and remediating incidents or breaches of customer data?

We are in the process of setting up log analytics for our infrastructure. Once this system is up, we will configure automated alerts to detect anomalous behaviour. Once such an alert is generated, the Tech Lead will investigate the issue to determine the threat level. If an issue is discovered, a notification will be generated internally and will trigger our client information sharing procedures. The Tech Lead will meanwhile focus the energies of the team on mitigating the issue (based on the threat level). Periodic updates will be shared as deemed necessary. And once the incident has been resolved, a summary will be released.

Is Spekit compliant with any privacy frameworks (Safe Harbor, Privacy Shield, GDPR, etc.)?

We have applied for Privacy Shield and hope for to be certified in the next few months. 

Please describe Spekit’s SDLC controls. Are duties between developers and server admins segregated?

We do not have segregated duties between developers and server admins. As a result of this, our change management process is tightly coupled with ensuring security and compliance under the purview of our CPO and Tech Lead.

Do platform changes require explicit approval?

For changes to the Spekit platform, explicit approval is required from either the CPO, CEO or Tech Lead as a part of our agile development process. Requests and approvals are documented in our project management system of record. 

Are platform changes tested prior to release? How is testing documented?

Yes. We conduct both end-to-end functional QA and regression tests on our internal staging environments (including testing Salesforce integrations) before releasing new functionality to production.

How are Spekit user accounts secured?

There are two types of Spekit accounts: 

Connected to Spekit using Salesforce OAuth 2.0 (allows users to login with Salesforce login and password)

Connected via Spekit email and password.

For users who have signed up or been invited via Spekit email/password, we provide enhanced security measures such as: 

  • Notifications for successful/unsuccessful login events

  • Prevent users from reusing passwords

  • Password complexity policy

  • Disabled outdated TLS 1.0 standards to boost security


Data Wiki FAQ

How often is the Salesforce metadata we imported into Spekit updated?

As an admin, you can re-sync metadata from your Salesforce org at any time by going to the Accounts section and clicking “Manual resync”.

You may be asked to re-authenticate your org by logging into Salesforce.

What happens if I add a new object, field or picklist value in Salesforce?

Behavior upon re-sync:

  • New Objects: New objects will show up in the Manage Objects section (accessible from Accounts).
  • New Fields: New fields that belong to previously imported objects will show up as new terms in the Data Wiki.
  • New Picklist Values:
    • For picklist values you haven’t imported: We will show you the updated list of values available for import upon re-sync.
    • For picklist values you HAVE imported – we aren’t pulling in any additions on re-sync right now. Upcoming fix: 1) You re-sync 2) We detect that you’ve added new picklist values to a previously imported set 3) We autoimport the new values”
What happens if I delete an object, field or picklist value in our connected Salesforce org?

The associated Spekit terms remain unchanged in the Data Wiki even if you delete them in Salesforce.

Coming soon: We have a feature upcoming that marks all deleted objects, fields and picklist values in your org as “Retired” and auto-hides them from end users upon re-sync. We won’t delete so that you don’t lose any information against the old terms, and as an admin, you will be able to filter in and view these “Retired” terms. 

What happens if I change an object, field or picklist Name/API Name in Salesforce?

Since we use the API Name as the unique identifier to import terms, renaming the API Name/Name will create a second term in Spekit with the new API Name/Name upon re-sync.

Upcoming feature: Ability to manually mark duplicate values as retired

What happens if I change the label of an existing object, field or picklist in Salesforce?

Upon re-sync, we will update the label of the associated term in Spekit to reflect your changes in Salesforce.

What happens if I update the Data Type of a field in Salesforce?

Upon re-sync, we’ll reflect the updated Data Type in Spekit.

Note that if you change a field with Data Type = Picklist to another Data Type, any previously imported picklist values will not be removed when you update the Data Type.

Can we import or export metadata from Spekit?

Yes, you can! We provide excel import and export via the Settings section.

Please note that right now, you cannot upload docs into Spekit – just embedded videos, images and links.

Can I connect to Spekit if my primary language is not English?

Yes, you can connect with a System Administrator profile user that has a non-English language setting. However, please note:

  • Standard field labels will be imported in English 
  • Custom objects will be in the language you use

To try with your own org, sign up for a demo and follow instructions to “Connect your Salesforce”. 

Salesforce has a lot of system fields like “Last Modified On”. Are they also imported?

In order to avoid crowding out of the wiki with system fields that don’t need definitions or explanations, we auto-hide any Salesforce system fields and frequently occuring fields by default.

If you’d like to un-hide these fields, simply go to filters and toggle on “Show hidden terms.” Now you’ll be able to see the hidden fields and click the “eye” icon to unhide the ones you want.

Exception: This only applies to newly imported objects as of August 15, 2018. It doesn’t apply to objects that were imp0rted before we released this enhancement (pre-August 15, 2018). If you’d like to hide these fields please search > bulk select > mark as hidden. 

How To’s

How do I create a custom card?

Data Wiki cards can be added by any Spekit Admins or Data Expert  in the data wiki in two easy steps:

  1. Use the drop-down menu to add a new card

2. Add your details:

3. Use the search bar or navigation tab to find all your custom cards easily


When would I need to use custom columns?

With custom columns, you can add custom, company-specific information to existing fields, objects or other metadata in your Data Wiki. In other words, it’s a streamlined way to extend the benefits of the Spekit data dictionary to other parts of your business.

Here are some use cases to get you started:

  • Source: Do you struggle to figure out how a particular field is populated? Create a column to store the original source of that data, ex: Is it from a website sign-up form or is it manually entered data?
  • Mappings: Store mappings between Salesforce API names and other internal databases or system API names to make it easier for anyone in your company to work on a report or integration.
  • GDPR compliance: Keep track of which fields or objects in your Salesforce org store personal data.
  • External Links: Add links to external documentation related to your metadata at the field, picklist or object-level, ex: Training modules in Trailhead, and tickets in JIRA/Confluence or Cases.
  • Custom definitions by team: Store relevant info catering to different audiences, ex: a “Retail Sales Definition” column.
  • Synonyms: Do you use certain terms interchangeably? Add a column for synonyms so that Spekit can easily pull up matches regardless of what term the user searched.
How do custom columns work?

Custom columns can be added by Spekit Admins to all terms, or to a single term type. For example, you may just want to track that data point for objects and not for fields or picklist values.

Add a new custom column from Settings > Custom Columns.

Custom columns and their data can be viewed by all users. Once added, the new data point will appear in the expanded when clicking on a term. Text can be added to the custom columns in the same way that the definition or business rule is updated by clicking the edit button.

expanded_view_custom_column edit

You can also use the column toggle to display new columns in the main Data Wiki.

How to add images in Spekit from different sources

There are multiple ways to add an image to Spekit. Here’s how:

From the web or box:

Right-click an image + Copy Image Address. 

Paste image address with .jpeg or .png format into the rich text editor in Spekit.

From Google Drive:

Use this link format:

  1. Upload your image to your Google Drive Folder
  2. Open the file to get the ID: 
  3. Copy this link into the image upload box in Spekit and replace the XXXXX with your image ID   https://drive.google.com/uc?id=xxxxx