Recently I opened a ticket regarding what type of Security is used in the Genesys for Salesforce Integration:
https://developer.genesys.cloud/forum/t/type-of-security-between-genesys-cloud-and-salesforce/18951
The anwer i get for Richard(Thanks Richard) was this:
In the case of data actions, it entirely depends on the configuration you've set within your Salesforce org as to whether it leverages mTLS. In the event you have configured your Salesforce org to require mTLS, then the data action service will present it's certificates as part of the initiation of the TLS handshake, as defined in the Salesforce documentation: https://help.salesforce.com/s/articleView?id=000383575&type=1 . It will be up to the Salesforce admin to establish the trust relationship with the Genesys Cloud Data Action Certificate Authority: MTLS support for data actions - Genesys Cloud Resource Center
From what I have made clear, it seems that you can configure a user in Salesforce that has an “API only” Profile to make API calls to Salesforce externally, and for this Profile, you can enable MTLS.
BUT at this point I have a doubt...
If MTLS can only be enabled in “Web Services Data Actions” according to Genesys documentation, and according to Salesforce documentation, they enable MTLS through port 8443…
How can we consume these Salesforce web services if Genesys Cloud only supports connections through port 443, as the documentation indicates?
https://help.mypurecloud.com/faqs/can-we-call-a-web-service-running-on-a-port-other-than-443/
!!! I'm afraid Customer won't like this, as Banking sector, the Security Team will not going to relax their restrictions....thanks a lot 