Metadata API Developer Guide

Getting Started
Using Metadata API
Reference
File-Based Calls
CRUD-Based Calls
Utility Calls
Result Objects
Metadata Types
Metadata Components and Types
Metadata Coverage Report
Unsupported Metadata Types
Special Behavior in Metadata API Deployments
AccountRelationshipShareRule
ActionLinkGroupTemplate
ActionPlanTemplate
AnalyticSnapshot
AnimationRule
ArticleType
ApexClass
ApexComponent
ApexEmailNotifications
ApexPage
ApexTestSuite
ApexTrigger
AppMenu
AppointmentSchedulingPolicy
ApprovalProcess
AssignmentRules
Audience
AuraDefinitionBundle
AuthProvider
AutoResponseRules
BlacklistedConsumer
Bot
BotVersion
BrandingSet
BusinessProcessGroup
CallCenter
CallCoachingMediaProvider
CampaignInfluenceModel
CaseSubjectParticle
Certificate
ChatterExtension
CleanDataService
CMSConnectSource
Community (Zone)
CommunityTemplateDefinition
CommunityThemeDefinition
ConnectedApp
ContentAsset
CorsWhitelistOrigin
CspTrustedSite
CustomApplication
CustomApplicationComponent
CustomFeedFilter
CustomHelpMenuSection
CustomLabels
Custom Metadata Types (CustomObject)
CustomNotificationType
CustomObject
CustomObjectTranslation
CustomPageWebLink
CustomPermission
CustomSite
CustomTab
CustomValue
Dashboard
DataCategoryGroup
DataSource
DataSourceObject
DataStreamDefinition
DelegateGroup
Document
DuplicateRule
EclairGeoData
EmailServicesFunction
EmailTemplate
EmbeddedServiceBranding
EmbeddedServiceConfig
EmbeddedServiceFieldService
EmbeddedServiceFlowConfig
EmbeddedServiceLiveAgent
EmbeddedServiceMenuSettings
EntitlementProcess
EntitlementTemplate
EscalationRules
EventDelivery
EventSubscription
ExperienceBundle
ExternalDataSource
ExternalServiceRegistration
FeatureParameterBoolean
FeatureParameterDate
FeatureParameterInteger
FlexiPage
Flow
FlowCategory
FlowDefinition
Folder
GlobalPicklist
GlobalPicklistValue
GlobalValueSet
GlobalValueSetTranslation
Group
HomePageComponent
HomePageLayout
InboundCertificate
InstalledPackage
KeywordList
Layout
Letterhead
LightningBolt
LightningComponentBundle
LightningExperienceTheme
LightningMessageChannel
LightningOnboardingConfig
LiveChatAgentConfig
LiveChatButton
LiveChatDeployment
LiveChatSensitiveDataRule
ManagedContentType
ManagedTopics
MatchingRule
Metadata
MetadataWithContent
MilestoneType
MlDomain
MktDataTranObject
MobileApplicationDetail
ModerationRule
MutingPermissionSet
MyDomainDiscoverableLogin
NamedCredential
NavigationMenu
Network
NetworkBranding
NotificationTypeConfig
OauthCustomScope
Package
PathAssistant
PaymentGatewayProvider
PermissionSet
PermissionSetGroup
PlatformCachePartition
PlatformEventChannel
PlatformEventChannelMember
Portal
PostTemplate
PresenceDeclineReason
PresenceUserConfig
Profile
ProfileActionOverride
ProfilePasswordPolicy
ProfileSessionSetting
Prompt
Queue
QueueRoutingConfig
QuickAction
RedirectWhitelistUrl
RecommendationStrategy
RecordActionDeployment
RemoteSiteSetting
Report
ReportType
Role
RoleOrTerritory
SalesWorkQueueSettings
SamlSsoConfig
Scontrol
ServiceChannel
ServicePresenceStatus
Settings
SharedTo
SharingBaseRule
SharingRules
SharingSet
SiteDotCom
Skill
StandardValueSet
StandardValueSetTranslation
StaticResource
SynonymDictionary
Territory
Territory2
Territory2Model
Territory2Rule
Territory2Type
TimeSheetTemplate
TopicsForObjects
TransactionSecurityPolicy
Translations
UserAuthCertificate
UserCriteria
UserProvisioningConfig
WaveApplication
WaveDataflow
WaveDashboard
WaveDataset
WaveLens
WaveRecipe
WaveTemplateBundle
WaveXmd
WebStoreTemplate
Workflow
WorkSkillRouting
Headers
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

CustomSite

Represents a Salesforce site. Create public websites and applications that are directly integrated with your Salesforce organization, but don't require users to log in with a username and password.
For more information, see “Salesforce Sites” in the Salesforce online help.

CustomSite does not currently support syndication feeds.

Note

This type extends the Metadata metadata type and inherits its fullName field.

Declarative Metadata File Suffix and Directory Location

Lightning Platform CustomSite components are stored in the sites directory of the corresponding package directory. The file name matches the site name, and the extension is .site.

Version

Lightning Platform CustomSite components are available in API version 14.0 and later.

Fields

Field Field Type Description
active boolean Required. Determines whether the site is active.
allowHomePage boolean Required. Determines whether the standard home page is visible to public users. This is a new field in API version 15.0.
allowStandardAnswersPages boolean Determines whether the standard answer pages are visible to public users. This is a new field in API version 19.0.
allowStandardIdeasPages boolean Required. Determines whether the standard Ideas pages are visible to public users. This is a new field in API version 15.0.
allowStandardLookups boolean Required. Determines whether the standard lookup pages are visible to public users. This is a new field in API version 15.0.
allowStandardPortalPages boolean Required. When enabled, authenticated users in this site can access standard Salesforce pages as allowed by their access controls. When disabled, authenticated users in this site can't access standard Salesforce pages, even if their access controls allow it. If your site serves only Visualforce pages, disabling this setting helps add a layer of access protection to your site. This is a new field in API version 39.0.
allowStandardSearch boolean Required. Determines whether the standard search pages are visible to public users. This is a new field in API version 15.0.
analyticsTrackingCode string The tracking code associated with your site. Services such as Google Analytics can use this code to track page request data for your site. This field is available in API version 17.0 and later.
authorizationRequiredPage string The name of the Visualforce page to be displayed when the guest user tries to access a page for which they are not authorized.
bandwidthExceededPage string The name of the Visualforce page to be displayed when the site has exceeded its bandwidth quota.
browserXssProtection boolean Required. Determines whether protection against reflected cross-site scripting attacks is enabled. If a reflected cross-site scripting attack is detected, the browser shows a blank page with no content. Available in API version 41.0 and later.
changePasswordPage string The name of the Visualforce page to be displayed when the portal user attempts to change their password for either the portal or for Chatter Answers, when enabled.
chatterAnswersForgotPasswordConfirmPage string The name of the Visualforce page to be displayed that informs the user that an email has been sent to them with a temporary password. This field is available if Chatter Answers is enabled for your organization. This field is available in API version 27.0 and later.
chatterAnswersForgotPasswordPage string The name of the Visualforce page to be displayed when a user clicks the link to retrieve a forgotten password. This field is available if Chatter Answers is enabled for your organization. This field is available in API version 27.0 and later.
chatterAnswersHelpPage string The name of the Visualforce page to be displayed when the user clicks the help link. This field is available if Chatter Answers is enabled for your organization. This field is available in API version 27.0 and later.
chatterAnswersLoginPage string The name of the Visualforce page to be displayed to allow users to log in to the portal. This field is available if Chatter Answers is enabled for your organization. This field is available in API version 27.0 and later.
chatterAnswersRegistrationPage string The name of the Visualforce page to be displayed to allow users to register themselves and access the portal. This field is available in API version 27.0 and later.
clickjackProtectionLevel SiteClickjackProtectionLevel (enumeration of type string) Required. Sets the clickjack protection level. The options are:
  • AllowAllFraming — Allow framing by any page (no protection)
  • External — Allow framing of site or community pages on external domains (good protection)
  • SameOriginOnly — Allow framing by the same origin only (recommended)
  • NoFraming — Don’t allow framing by any page (most protection)
This field is available in API version 30.0 and later.
contentSniffingProtection boolean Required. Determines whether the browser is prevented from inferring the MIME type from the document content. If enabled, it also prevents the browser from executing some malicious files (JavaScript, Stylesheet) as dynamic content. This field is available in API version 41.0 and later.
cspUpgradeInsecureRequests boolean Required. Determines whether HTTP requests, including third-party domains, are upgraded to HTTPS. This field is available in API version 41.0 and later.
customWebAddresses SiteWebAddress[] The root custom URLs associated with the site. Saving or deploying a CustomSite replaces all root custom URLs in the site with the root custom URLs in this list. Custom URLs that use a non-root path prefix are not included in this list and are not affected when saving or deploying a CustomSite. This field is available in API version 21.0 and later.
description string The site description.
enableAuraRequests boolean Determines whether guest users can view features available only in Lightning (true). If set to false, Lightning features don’t load. This field is available in API version 46.0 and later.
favoriteIcon string The name of the file to be used for the icon that appears in the browser's address field when visiting the site. Sets the favorite icon for the entire site.
fileNotFoundPage string The name of the Visualforce page to be displayed when the guest user tries to access a non-existent page.
forgotPasswordPage string The name of the Visualforce page to be displayed when a user clicks the Forgot Password link on the site’s login page. This field is only applicable for Communities sites.
genericErrorPage string The name of the Visualforce page to be displayed for errors not otherwise specified.
guestProfile string Read only. The name of the profile associated with the guest user.
inMaintenancePage string The name of the Visualforce page to be displayed when the site is down for maintenance.
inactiveIndexPage string The name of the Visualforce page set as the inactive site home page.
indexPage string Required. The name of the Visualforce page set as the active site home page.
masterLabel string Required. The name of the site label in the Salesforce user interface.
portal string The name of the portal associated with this site for login access.
referrerPolicyOriginWhenCrossOrigin boolean Required. Determines whether the referrer header shows only Salesforce.com rather than the entire URL when loading a page. This feature eliminates the potential for a referrer header to reveal sensitive information that could be present in a full URL, such as an org ID. This field is available in API version 41.0 and later.
requireHttps boolean Required. Determines whether the site requires secure connections (true) or not (false). When false, the site operates normally via insecure connections instead of redirecting to a secure connection.
requireInsecurePortalAccess boolean Required. Determines whether to override your organization's security settings and exclusively use HTTP when logging in to the associated portal from your site. Removed in API version 50.0 and later.
robotsTxtPage string The name of the Visualforce page to be displayed for the robots.txt file used by web crawlers.
selfRegPage string Visualforce page used for self registration.
serverIsDown string The name of the static resource to be displayed from the cache server when Salesforce servers are down. The static resource must be a public zip file 1 MB or smaller and must contain a page named maintenance.html at the root level of the zip file. Other resources in the zip file, such as images or CSS files, can follow any directory structure. This field is available in API version 17.0 and later.
siteAdmin string The username of the site administrator.
siteIframeWhiteListUrls SiteIframeWhiteListUrl[] The list of external domains that you allow to frame your Salesforce site. This field is available in API 49.0 and later.
siteRedirectMappings SiteRedirectMapping[] An array of all URL redirect rules set for your site. This field is available in API version 20.0 and later.
siteTemplate string The name of the Visualforce page to be used as the site template.
siteType siteType Required. Identifies whether the site is a Visualforce (Salesforce Sites), Site.com site, or ChatterNetwork (Salesforce Sites).This is a new field in API version 27.0.
subdomain string Required. Read only. The custom subdomain prefix for the site. For example, if your site URL is SitesSubdomainName.secure.force.com/partners, SitesSubdomainName is the subdomain.
urlPathPrefix string The first part of the path on the site's URL that distinguishes this site from other sites. For example, if your site URL is SitesSubdomainName.secure.force.com/partners, partners is the urlPathPrefix.

SiteIframeWhiteListUrl

Represents the external domains that you allow to frame your site or community pages.

Where possible, we changed noninclusive terms to align with our company value of Equality. Because changing terms in our code can break current implementations, we maintained this metadata type’s name.

Important

Field Field Type Description
url string Required. The trusted domain that you allow to frame your site or community pages. Accepts these formats: example, example.com, *example.com, and http://example.com.

SiteRedirectMapping

SiteRedirectMapping represents a URL redirect rule on your Salesforce site. For more information, see “Salesforce Sites URL Redirects” in Salesforce Help.

Field Field Type Description
action SiteRedirect (enumeration of type string) Required. The type of the redirect. Available string values are:
  • Permanent
  • Temporary
isActive boolean The status of the redirect: active or inactive.
source string Required. The URL that you want to redirect. It must be a relative URL, but can have any valid extension type, such as .html or .php.
target string Required. The new URL you want users to visit. It can be a relative URL or a fully-qualified URL with an http:// or https:// prefix.

SiteWebAddress

Represents the web address of a Salesforce site.

Field Field Type Description
certificate string Identifies the certificate associated with the custom domain. If the custom domain is set up for Salesforce to serve HTTPS, this field indicates which certificate to use.
domainName string Required. The domain of the website, in the form of www.acme.com.
primary boolean Required. Indicates whether this is the primary domain (true). If false, this is not the primary domain.

Declarative Metadata Sample Definition

A sample XML definition of a site is shown below.

1<?xml version="1.0" encoding="UTF-8"?>
2<CustomSite xmlns="http://soap.sforce.com/2006/04/metadata">
3    <active>true</active>
4    <allowHomePage>true</allowHomePage>
5    <allowStandardIdeasPages>true</allowStandardIdeasPages>
6    <allowStandardLookups>true</allowStandardLookups>
7    <allowStandardPortalPages>true</allowStandardPortalPages>
8    <allowStandardSearch>true</allowStandardSearch>
9    <authorizationRequiredPage>Unauthorized</authorizationRequiredPage>
10    <bandwidthExceededPage>BandwidthExceeded</bandwidthExceededPage>
11    <changePasswordPage>ChangePassword</changePasswordPage>
12    <chatterAnswersForgotPasswordConfirmPage>ChatterAnswersForgotPasswordConfirm</chatterAnswersForgotPasswordConfirmPage>
13    <chatterAnswersForgotPasswordPage>ChatterAnswersForgotPassword</chatterAnswersForgotPasswordPage>
14    <chatterAnswersHelpPage>ChatterAnswersHelp</chatterAnswersHelpPage>
15    <chatterAnswersLoginPage>ChatterAnswersLogin</chatterAnswersLoginPage>
16    <chatterAnswersRegistrationPage>ChatterAnswersRegistration</chatterAnswersRegistrationPage>
17    <clickjackProtectionLevel>SameOriginOnly</clickjackProtectionLevel>
18    <customWebAddresses>
19      <domainName>www.testing123.com</domainName>
20      <primary>true</primary>
21    </customWebAddresses>
22    <siteIframeWhiteListUrl>
23      <url>example.com</url>
24    </siteIframeWhiteListUrl>
25    <favoriteIcon>myFavIcon</favoriteIcon>
26    <fileNotFoundPage>FileNotFound</fileNotFoundPage>
27    <genericErrorPage>Exception</genericErrorPage>
28    <inMaintenancePage>InMaintenance</inMaintenancePage>
29    <serverIsDown>MyServerDownResource</serverIsDown>
30    <indexPage>UnderConstruction</indexPage>
31    <masterLabel>customSite</masterLabel>
32    <portal>Customer Portal</portal>
33    <requireInsecurePortalAccess>false</requireInsecurePortalAccess>
34    <siteAdmin>admin@myco.org</siteAdmin>
35    <siteTemplate>SiteTemplate</siteTemplate>
36    <subdomain>myco</subdomain>
37</CustomSite>

Wildcard Support in the Manifest File

This metadata type supports the wildcard character * (asterisk) in the package.xml manifest file. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.