This content describes an older version of this product.

TransactionSecurityPolicy

Represents a transaction security policy definition. Transaction Security policies give you a way to look through events in your organization and specify actions to take when certain combinations occur.

This type extends the Metadata metadata type and inherits its fullName field.

File Suffix and Directory Location

TransactionSecurityPolicy components have the suffix .transactionSecurityPolicy and are stored in the transactionSecurityPolicies folder.

Version

TransactionSecurityPolicy components are available in API version 35.0 and later.

Fields

| Field Name | Field Type | Description |
| --- | --- | --- |
| action | TransactionSecurityAction | Required. Describes the action to take when the matching Transaction Security policy is triggered. |
| active | boolean | Required. If true, the policy is enabled and is actively monitoring its event. |
| apexClass | string | Required. The name of the class that implements the TxnSecurity.PolicyCondition interface for this policy. |
| description | string | Optional. A description of the policy. |
| developerName | string | Optional. This unique name prevents conflicts with other policies that have the same masterLabel. This name can contain only underscores and alphanumeric characters, and must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. |
| eventType | MonitoredEvents (enumeration of type string) | Indicates which type of event is being monitored. Valid values are: • AccessResource—Notifies you when the selected resource has been accessed. • AuditTrail—Reserved for future use. • DataExport—Notifies you when the selected object type has been exported using the Data Loader API client. • Entity—Notifies you on use of an object type such as an authentication provider or client browser. • Login—Notifies you when a user logs in. |
| executionUser | string | Required. The name of the user to notify when the policy is triggered, if any notifications have been selected. This user must have the System Administrator profile. |
| masterLabel | string | Optional. The master label for this object. This display value is the internal label that is not translated. |
| resourceName | string | Required. A resource used to narrow down the conditions under which the policy triggers. For example, with a Login event, you can add a resource to specify that only a specific login URL triggers the policy. The resources available depend on the Event Type field. Valid resources are grouped below by event type. • AccessResource—EventTimestamp, SessionLevel, SourceIp • DataExport—EventTimestamp, SessionLevel, SourceIp • Entity—AuthorizeUrl, ConsumerKey, ConsumerSecret, DefaultScopes, DeveloperName, ErrorUrl, FriendlyName, IconUrl, IdTokenIssuer, LogoutUrl, TokenUrl, UserInfoUrl • Login—ApiType, ApiVersion, Application, Browser, ClientVersion, LoginUrl, Platform, Status |

TransactionSecurityAction

Describes the action to take when the matching Transaction Security policy is triggered.

| Field Name | Field Type | Description |
| --- | --- | --- |
| block | boolean | Required. If true, the requested operation is blocked. This action only applies to Login and AccessResource events. |
| endSession | boolean | Required. If true, a current session must be closed before a new session can be started. This action only applies to Login events. |
| notifications | TransactionSecurityNotification[] | Specifies how to notify the system administrator when the action is triggered. There can be none, one, or multiple notifications. |
| twoFactorAuthentication | boolean | Required. If true, two-factor authentication is required for a higher level of access before the requested operation can continue. This action only applies to Login and AccessResource events. |

TransactionSecurityNotification

Describes who to notify and how to notify them when the matching Transaction Security policy is triggered.

| Field Name | Field Type | Description |
| --- | --- | --- |
| inApp | boolean | True if an in-app notification is selected. |
| sendEmail | boolean | True if an email notification is selected. |
| user | string | The administrator to receive the notification. This user must belong to the System Administrator profile. |

Declarative Metadata Sample Definition

The following is an example of a TransactionSecurityPolicy component.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<TransactionSecurityPolicy xmlns="http://soap.sforce.com/2006/04/metadata">
    <action>
        <block>true</block>
        <endSession>false</endSession>
        <notifications>
            <inApp>false</inApp>
            <sendEmail>true</sendEmail>
            <user>admin@your.org</user>
        </notifications>
        <twoFactorAuthentication>false</twoFactorAuthentication>
    </action>
    <active>true</active>
    <apexClass>TxnSecurityMdApiPolicy</apexClass>
    <eventType>Login</eventType>
    <executionUser>admin@your.org</executionUser>
    <resourceName>LoginHistory</resourceName>
</TransactionSecurityPolicy>
```

The following is an example package manifest used to deploy or retrieve the transaction security metadata for an organization.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
    <types>
        <members>MySecurityPolicy</members>
        <name>TransactionSecurityPolicy</name>
    </types>
    <version>35.0</version>
</Package>
```
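
A pre-deployment check for .transactionSecurityPolicy files can catch policies whose actions do not apply to their event type and would therefore not enforce what the author intended. The following is an added example, not Salesforce code: it checks only the rules stated in the field tables on this page, and `lint_policy`, `ExamplePolicyCondition` and `Export__Guard` are constructed names.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
EVENT_TYPES = {"AccessResource", "AuditTrail", "DataExport", "Entity", "Login"}
REQUIRED = ("action", "active", "apexClass", "executionUser", "resourceName")
# Event types each action applies to, from the TransactionSecurityAction table.
ACTION_SCOPE = {"block": {"Login", "AccessResource"}, "endSession": {"Login"},
                "twoFactorAuthentication": {"Login", "AccessResource"}}
# developerName: leading letter, alphanumerics and underscores only,
# no trailing underscore, no two consecutive underscores.
DEV_NAME = re.compile(r"[A-Za-z](?:_?[A-Za-z0-9])*")


def lint_policy(xml_text):
    """Return a list of findings for one .transactionSecurityPolicy document."""
    root = ET.fromstring(xml_text)
    findings = [f"missing required field: {f}" for f in REQUIRED
                if root.find(f"md:{f}", NS) is None]
    def text(parent, name):
        node = parent.find(f"md:{name}", NS)
        return node.text.strip() if node is not None and node.text else None
    event = text(root, "eventType")
    if event not in EVENT_TYPES:
        findings.append(f"eventType missing or not a valid value: {event}")
    action = root.find("md:action", NS)
    if action is not None:
        for name, scope in ACTION_SCOPE.items():
            value = text(action, name)
            if value is None:
                findings.append(f"missing required action field: {name}")
            elif value == "true" and event in EVENT_TYPES and event not in scope:
                findings.append(f"{name} does not apply to {event} events")
    dev_name = text(root, "developerName")
    if dev_name is not None and not DEV_NAME.fullmatch(dev_name):
        findings.append(f"invalid developerName: {dev_name}")
    return findings


# Constructed sample: a DataExport policy that sets actions not valid for that event.
SAMPLE = """<TransactionSecurityPolicy xmlns="http://soap.sforce.com/2006/04/metadata">
  <action><block>true</block><endSession>true</endSession>
    <twoFactorAuthentication>false</twoFactorAuthentication></action>
  <active>true</active><apexClass>ExamplePolicyCondition</apexClass>
  <developerName>Export__Guard</developerName><eventType>DataExport</eventType>
  <executionUser>admin@your.org</executionUser><resourceName>SourceIp</resourceName>
</TransactionSecurityPolicy>"""

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE)))
```

Run it over every file in the transactionSecurityPolicies folder before a deploy and fail the build on any finding.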