Experience Cloud Developer Guide
Custom Access Control Model Examples
These code and flow examples use a custom access control model to provide
unauthenticated guest users access to create records.
Sample Code Without Sharing: Give Guest Users Access to Create Records and Read Them Later
These code samples support two separate interactions. In the first interaction, the guest user creates a case. To allow for future access, an Apex method replaces the record ID with an encrypted string. When the guest user wants to read the case later, they enter the encrypted string. An Apex method decrypts the string and uses it to retrieve the case.
Sample Flow: Give Guest Users Access to Create Records
In this sample flow, the guest user enters feedback and the flow stores it in a custom object record. The guest user doesn’t have access to read the record after creation.
Sample Code Without Sharing: Give Guest Users Access to Create and Read Records in the Same Transaction
In this collection of code samples, the guest user enters details to report a support issue and Apex code creates a case. An Apex method retrieves the new record and Aura components display parts of the record to the guest user after creation. The Apex code runs without sharing because we aren’t relying on object permissions and platform sharing to allow the guest user to access the record.
Sample Flow Without Sharing: Give Guest Users Access to Create and Read Records in One Flow
In this sample flow, the guest user enters details to report a support issue and the flow creates a case. After the guest user creates the record, a default active user becomes the owner of the record and the guest user doesn’t have direct access to it. The flow then retrieves the new case to get the case’s CaseNumber and Status fields and displays those fields to the guest user. Because the guest user doesn’t own the record after creation and the flow must retrieve the record, the flow runs without sharing.
Sample Code Without Sharing: Give Guest Users Access to Create Records and Update Them Later
These code samples support two separate interactions. In the first interaction, the guest user creates a case. For security reasons, an Apex method replaces the record ID with an encrypted string. When the guest user wants to close the case later, they enter that encrypted string. An Apex method decrypts the string to get the record ID, uses the record ID to select the case, and updates the case’s status.