Pricing Synchronization Failure Due to Missing Certificate in Custom Setting

Symptom

The Pricing Service UI (/apex/PricingServiceUI#/sync) fails when attempting to synchronize pricing data. The synchronization request does not reach the CloudSense messaging API.

Additionally, direct API calls to the messaging service may return: "Authentication error Provided Authorization header scheme is Bearer, expecting CS-Message"

Cause

The prs_ui_tool_settings__c custom setting is missing the required certificate_name__c value. The Pricing Service UI uses csutil.DispatcherRequestUtil to authenticate and send synchronization requests to the CloudSense messaging API. Without a valid certificate name, the dispatcher cannot construct the authentication header.

A secondary issue can occur when user-level custom setting records override the organization-level defaults. Salesforce Custom Settings follow a hierarchy (User > Profile > Org), and a user-level record with incomplete data can take precedence.

Resolution

Step 1: Check the custom setting

Run the following SOQL query to verify the prs_ui_tool_settings__c records:

SELECT Id, Name, SetupOwnerId, certificate_name__c,
  dispatcher_service_endpoint__c
FROM prs_ui_tool_settings__c

If this returns 0 rows, the custom setting has not been configured. If it returns rows, check whether certificate_name__c is populated.

Step 2: Populate the custom setting

Navigate to Setup > Custom Settings > prs_ui_tool_settings__c > Manage and create or update the record:

1. Set certificate_name__c to the callout certificate name configured during provisioning (e.g., the certificate name from the CS PRE Connected App setup)
2. Set dispatcher_service_endpoint__c to the correct messaging API endpoint for your region

Step 3: Check for user-level overrides

If the custom setting exists at the org level but synchronization still fails for specific users, check for user-level overrides:

SELECT Id, SetupOwnerId, certificate_name__c
FROM prs_ui_tool_settings__c
ORDER BY SetupOwnerId

If a user-level record exists with incomplete data, either update it or delete it so the org-level default is used.

Step 4: Use the correct authentication scheme

When calling the CloudSense messaging API directly (outside the Pricing Service UI), use the CS-Message authentication scheme, not Bearer. The csutil.DispatcherRequestUtil handles this automatically when the certificate is configured.

Step 5: Verify the fix

Navigate to the Pricing Service UI and retry the synchronization. Confirm it completes successfully.

Additional Notes

• The prs_ui_tool_settings__c custom setting must be configured during the initial provisioning process. If it is missing, verify that all provisioning steps were completed
• After sandbox refreshes or org clones, the custom setting may need to be reconfigured with the correct certificate name for the new environment
• The csutil.DispatcherRequestUtil class constructs the CS-Message authentication header using the certificate. If the certificate is expired or misconfigured, the API will also reject the request