SFMC Scout

Universal Chrome Extension for Salesforce Marketing Cloud — search, inspect, manage, and export your entire SFMC instance from a persistent side panel. No login required.

Features

Installation

1. Download or clone the repository
2. Open Chrome and navigate to chrome://extensions/
3. Enable Developer mode (toggle in the top-right corner)
4. Click Load unpacked
5. Select the SFMC_Scout/ folder (the one containing manifest.json)
6. Verify the extension appears with the Scout icon
7. Navigate to any SFMC page — the Scout toggle button will appear on the right edge of the screen

First Use

1. Click the Scout tab on the right edge to open the panel
2. On first open, Scout automatically captures tokens from your active session
3. If tokens are missing, Scout opens minimized background tabs to trigger token capture
4. Once all token badges show green, all features are available

Architecture

SFMC Scout uses a modular, layered architecture. The content script handles all UI rendering and event handling; the background service worker handles token interception, CORS proxy, and message routing; specialized handlers in handlers/ implement per-entity business logic.

File Structure

SFMC_Scout/
├── manifest.json           MV3 config (permissions, scripts, icons)
├── content.js              Panel UI, state (S), event handling (~2,800 lines)
├── background.js           Service worker: webRequest, CORS proxy, message hub
├── panel.css               All panel + component styles
├── injected_script.js      Page-injected: SnippetManager + AceEditorHelper
│
├── handlers/
│   ├── search/             Per-entity search services (Auto, Journey, DE, Asset, Activity)
│   ├── automation/         Automation detail, activity code, type registry
│   ├── de/                 DE folder service, field definitions, usage detection
│   ├── actions/            Quick action routes (create, export, import, report)
│   └── auth/               Token refresh coordination
│
├── services/
│   ├── DECreationService.js    Create DEs via REST
│   ├── DEExportService.js      Paginated export with folder resolution
│   ├── DEImportService.js      Restore from JSON with folder re-creation
│   └── DEReportService.js      HTML / CSV report generation
│
├── utils/
│   ├── InstanceService.js      Stack detection from hostname
│   ├── APIService.js           Authenticated fetch wrapper (CORS proxy)
│   ├── TokenService.js         Token classification and key mapping
│   ├── CSRFService.js          Token retrieval from chrome.storage
│   └── StorageService.js       chrome.storage.local helpers
│
└── core/
    ├── SnippetManager.js       Snippet storage + Ace deploy
    └── AceEditorHelper.js      Ace editor detection and injection

Authentication Model

Scout uses your active SFMC browser session via cookies — no credentials are entered, no per-section CSRF tokens are required for read APIs, and no external auth servers are involved. The cookie-only proxy at mc.{stack}.exacttarget.com/cloud/fuelapi/... accepts the same session cookies your browser already holds, returning full data for every entity type Scout reads.

Captured Tokens (write/admin only)

Both tokens are captured passively via chrome.webRequest.onBeforeSendHeaders — no fetches are issued by Scout to obtain them, and no ghost tabs are spawned.

Cookie-only request flow

Data Flow

All API calls are proxied through the background service worker to bypass CORS restrictions. The content script sends messages to the background; the background makes authenticated fetch requests using the user's session credentials.

Search Streaming Pattern

Universal Search uses Chrome's long-lived port messaging to stream results progressively — each entity type posts results as they arrive rather than waiting for all sources to complete:

API Endpoints

SFMC Scout integrates with multiple SFMC REST API endpoints. All URLs are relative to the detected stack instance (e.g. mc.s51.exacttarget.com or {bu}.marketingcloudapps.com).

Automations

Journeys

Data Extensions

Assets & Emails (Content Builder)

Activities (7 Types)

Authentication

All API requests use the user's own authenticated SFMC browser session. Scout never asks for credentials — it reads CSRF tokens that SFMC itself embeds in your outgoing requests.

Request Pattern

// background.js — makeAPIRequest (CORS proxy)
async function makeAPIRequest(url, method, headers, body) {
    const response = await fetch(url, {
        method,
        headers,
        body,
        credentials: 'include'   // Uses active SFMC session cookie
    });
    return { ok: response.ok, status: response.status, data: await response.json() };
}

Token Header Patterns

Universal Search

Universal Search is the default view when the panel opens. A single text input searches across all SFMC entity types simultaneously, with results streaming in as each source responds.

Searchable Entity Types

Result Actions (Click to Expand)

• Automations — click result to load full step breakdown inline (SQL / SSJS / Send Email / Import / File Transfer / Data Extract / Filter)
• Assets / Emails / Templates — click to open the inline detail card. Email ID, full folder path, file size + dimensions for uploads. Action row: Preview (renders email/template thumbnail in a modal via /artifacts/thumbnail/html?...), View image / Open file (clickable fileProperties.publishedURL), Copy name
• Data Extensions — click to view field count, folder, sendable flag
• Journeys — click to open the detail card with activity count, population, entry source DE, entry criteria (code block), schedule humanizer, and "Open in JB" deep-link
• Activities — row meta line shows Type · Folder breadcrumb · Update Mode (Overwrite / Append / Update / Update Add). Folder hydrated per-row via parallel ?view=categoryinfo calls; HTTP/2 multiplexes so cost is ≈ one extra request

Asset Preview Modal

Clicking Preview on an email or template row opens a centered modal overlay that fetches the rendered HTML thumbnail. Two endpoint shapes are used depending on asset type:

• Email (templatebasedemail / htmlemail / textonlyemail) → /artifacts/thumbnail/html?includeHeaderFooter=true&includeDesignContent=true
• Template (template / emailtemplate) → /artifacts/thumbnail/ (no /html suffix — that path 404s on pure templates)

Click outside the modal or press Escape to close. Backdrop blur, scale-in animation. Cached per asset ID — re-opens are instant.

Automations

The Automations tab lists all automation definitions in your SFMC instance with color-coded status badges. Clicking any automation loads a full step breakdown without leaving the panel.

Status Badge Colors

Step Breakdown

Clicking an automation expands the full step tree, showing every activity in every step. For SQL Query and SSJS Script activities, the code is shown with syntax highlighting in an expandable block. The detail view also includes:

• Automation key and ID
• Schedule configuration
• Last run time and next scheduled run
• Direct link to open in SFMC Automation Studio

Data Extensions

The Data Extensions tab provides four sub-tabs: Search, Create, Export / Import, and Report.

Search

Real-time DE search with paginated results. Each result shows:

• DE name and Customer Key
• Field count
• Folder path
• Sendable flag indicator
• Testable flag indicator

Create

3-step wizard for creating a new Data Extension:

1. Basic Info — Name, Customer Key, description, sendable/testable flags, folder selection
2. Fields — Add typed fields with name, type (Text, Number, Date, Boolean, etc.), length, required, primary key flags
3. Review & Submit — Preview the full DE definition before creating

Export

Export all Data Extensions from your instance:

• JSON Export — Structured export with field inventory, metadata, and folder path. Full paginated fetch handles thousands of DEs.
• ZIP Export — Individual JSON files per DE bundled into a downloadable ZIP archive

Import

Restore DEs from a previously exported JSON file:

• Parses and validates the JSON structure
• Optionally re-creates the original folder hierarchy
• Posts each DE to the REST API individually with progress tracking

Report

Generate a full Data Extension inventory report. See the Reports section for details on the report format.

Journeys

Journey rows in the universal search return rich metadata pulled directly from the interaction/v1/interactions/ bulk endpoint plus a per-row hydration via eventDefinitions/{id} when the row is expanded.

Row Pills (at-a-glance)

Expanded Detail Card

Click any journey row to open an inline detail card. Two API calls fire in parallel: interaction/v1/eventDefinitions/{id} for entry source + schedule + criteria, and interaction/v1/interactions/{id}?extras=all for the activity count. Population is read directly from the search payload (stats.cumulativePopulation) — no extra fetch.

Audit Log Modal

Click the Audit Log button in the detail card header to pop a timeline modal of every lifecycle event for the journey. Same modal shell as the asset preview (backdrop blur, scale-in animation, Esc / click-outside to close). Available from both main search and DE Usage "Used in → Journeys".

• Summary strip at the top — colored action pills (e.g. 12 Modify · 4 Publish · 1 Create) + total events + unique editor count for a quick read
• Vertical timeline below — left dot column color-coded by action; content column shows action name + version chip + publishStatus pill (red on PublishFailed) + user + humanized timestamp
• Cache per interactionId in a module-scoped Map — re-opens are instant

Endpoint: mc.{stack}.exacttarget.com/cloud/fuelapi/interaction/v1/interactions/{id}/audit/all — cookie-only proxy version of the documented marketingcloudapps.com/contactsmeta/fuelapi/... path. Works with session cookies alone, no CSRF needed.

Status Colors

• Green — Published / Running (active journey)
• Amber — Draft / Paused / Unpublished
• Red — Stopped / Deleted
• Blue — ScheduledToRun / ScheduledToPublish

Reports

Reports open in a new browser tab as standalone self-contained HTML pages. Fully client-side — no server required. Each report ships with live filtering, sortable columns, theme switching, and a Download CSV button in the header that converts the embedded data to CSV without round-tripping back to the extension.

Available Reports

Report Features

• Download CSV (in-blob) — accent-filled button in the report header. UTF-8 BOM, proper escaping. Self-contained — the data is embedded in the HTML, conversion runs in the page's own JS.
• Live Filter — text input that narrows rows in real time
• Sortable Columns — click any column header to toggle ascending/descending
• Color-coded Badges — status colors match the panel
• Dark / Light Theme — server-side theme injection so the report opens correct on first paint
• Instance Metadata — report header shows SFMC instance, generation date, total count
• Scout Logo — branded report header

Asset Report — Clickable CDN Links

For uploaded files (images, PDFs, fonts), the asset Name cell links to fileProperties.publishedURL so the report doubles as a one-click audit dashboard for production assets.

Snippets

The Snippets feature lets you save, organize, and re-deploy reusable code blocks (AMPscript, SSJS, SQL) across your SFMC work.

Snippet Storage

• Stored in chrome.storage.local — persists across sessions
• Each snippet has: label, language tag (ampscript / ssjs / sql), code body
• Syntax-highlighted preview in the panel

Ace Editor Deployment

Scout can detect open Ace editor instances on the current SFMC page (Cloud Pages, Script Activities) and inject snippet code directly into them:

1. Navigate to a Cloud Page or Script Activity in SFMC
2. Open Scout → Snippets
3. Click Deploy on a snippet
4. injected_script.js locates the active Ace editor instance
5. Code is inserted at the current cursor position

Security & Privacy

Data Handling

• No external transmission — all API calls go directly to SFMC's own servers using your browser session
• No credentials captured — Scout only reads CSRF tokens, never usernames or passwords
• Local storage only — tokens stored in chrome.storage.local, scoped to your browser profile
• Session-bound tokens — all tokens expire when your SFMC session ends

Permissions Justification

Limitations

Technical Constraints

• Active Session Required — All API calls require an active authenticated SFMC browser session
• Single Business Unit — Scout operates within the Business Unit of the currently active tab
• Chrome Only — MV3 extension architecture; not compatible with Firefox or Safari
• Rate Limits — SFMC API throttling applies; large-scale exports may take time
• No Write Operations (except DE Create) — Scout is primarily read-only; only DE creation modifies SFMC data

Known Limitations

• Ghost tab token refresh requires pop-up permission; blocked pop-ups may prevent token capture
• Ace editor deployment requires the editor to be visible and focused on the page
• Very large instances (10,000+ DEs) may hit browser memory limits during full export
• Journey detail view (step breakdown) is not available — only list view with status

Troubleshooting

Token Issues

Search Issues

Debug Steps

1. Open Chrome DevTools (F12) on the SFMC page
2. Check the Console tab for Scout log messages (prefixed with [Scout])
3. Inspect the extension service worker at chrome://extensions/ → SFMC Scout → Service Worker
4. Check chrome.storage.local for stored token values
5. Verify your SFMC session is active and not timed out

Technical Specifications

Extension Details

Supported SFMC Stacks

Browser Compatibility

• Chrome 100+ (primary supported browser)
• Edge 100+ (Chromium-based)
• Firefox (MV3 support incomplete — not recommended)
• Safari (MV3 extension API not supported)