Metadata API Developer Guide

Introduction to Metadata API
Using Metadata API
Reference
File-Based Calls
CRUD-Based Calls
Utility Calls
Result Objects
Metadata Types
Metadata Components and Types
Metadata Coverage Report
Unsupported Metadata Types
Special Behavior in Metadata API Deployments
AccountRelationshipShareRule
ActionLinkGroupTemplate
ActionPlanTemplate
ActivationPlatform
ActivationPlatformField
ActvPfrmDataConnectorS3
ActvPlatformAdncIdentifier
ActvPlatformFieldValue
AdvAccountForecastSet
AIApplication
AIApplicationConfig
AIUsecaseDefinition
AnalyticSnapshot
AnimationRule
ArticleType
ApexClass
ApexComponent
ApexEmailNotifications
ApexPage
ApexTestSuite
ApexTrigger
AppMenu
AppointmentAssignmentPolicy
AppointmentSchedulingPolicy
ApprovalProcess
AssignmentRules
AssessmentQuestion
AssessmentQuestionSet
Audience
AuraDefinitionBundle
AuthProvider
AutoResponseRules
BatchCalcJobDefinition
BatchProcessJobDefinition
BlacklistedConsumer
Bot
BotTemplate
BotVersion
BrandingSet
BriefcaseDefinition
BusinessProcessGroup
CallCenter
CallCoachingMediaProvider
CampaignInfluenceModel
CaseSubjectParticle
CareSystemFieldMapping
CareProviderSearchConfig
Certificate
ChatterExtension
CleanDataService
CMSConnectSource
Community (Zone)
CommunityTemplateDefinition
CommunityThemeDefinition
ConnectedApp
ContentAsset
CorsWhitelistOrigin
CspTrustedSite
CustomApplication
CustomApplicationComponent
CustomFeedFilter
CustomHelpMenuSection
CustomLabels
Custom Metadata Types (CustomObject)
CustomNotificationType
CustomObject
CustomObjectTranslation
CustomPageWebLink
CustomPermission
CustomSite
CustomTab
CustomValue
Dashboard
DataCategoryGroup
DataConnectorIngestApi
DataPackageKitObject
DataPackageKitDefinition
DataConnectorS3
DataSource
DataSourceBundleDefinition
DataSourceObject
DataSourceField
DataSrcDataModelFieldMap
DataStreamDefinition
DataStreamTemplate
DecisionTable
DecisionTableDatasetLink
DecisionMatrixDefinition
DelegateGroup
DigitalExperienceBundle (Beta)
DigitalExperienceConfig (Beta)
DiscoveryAIModel
DiscoveryGoal
DiscoveryStory
Document
DocumentChecklistSettings
DuplicateRule
EclairGeoData
EmailServicesFunction
EmailTemplate
EmbeddedServiceBranding
EmbeddedServiceConfig
EmbeddedServiceFieldService
EmbeddedServiceFlowConfig
EmbeddedServiceLiveAgent
EmbeddedServiceMenuSettings
EntitlementProcess
EntitlementTemplate
EscalationRules
EventDelivery
EventRelayConfig
EventSubscription
ExperienceBundle
ExplainabilityMsgTemplate
ExpressionSetDefinition
ExpressionSetObjectAlias
ExternalCredential
ExternalDataConnector
ExternalDataSource
ExternalDataTranObject
ExternalAIModel
ExternalServiceRegistration
FeatureParameterBoolean
FeatureParameterDate
FeatureParameterInteger
FieldRestrictionRule
FieldSrcTrgtRelationship
FlexiPage
Flow
FlowCategory
FlowDefinition
FlowTest
Folder
ForecastingFilter
ForecastingFilterCondition
ForecastingSourceDefinition
ForecastingType
ForecastingTypeSource
FunctionReference
GatewayProviderPaymentMethodType
GlobalPicklist
GlobalPicklistValue
GlobalValueSet
GlobalValueSetTranslation
Group
HomePageComponent
HomePageLayout
InboundCertificate
InboundNetworkConnection
IdentityVerificationProcDef
IdentityVerificationProcDtl
IdentityVerificationProcFld
InstalledPackage
IPAddressRange
KeywordList
Layout
Letterhead
LightningBolt
LightningComponentBundle
LightningExperienceTheme
LightningMessageChannel
LightningOnboardingConfig
LiveChatAgentConfig
LiveChatButton
LiveChatDeployment
LiveChatSensitiveDataRule
LoyaltyProgramSetup
ManagedContentType
ManagedTopics
MarketingAppExtension
MatchingRule
MessagingChannel
Metadata
MetadataWithContent
MfgProgramTemplate
MilestoneType
MlDomain
MktCalcInsightObjectDef
MktDataTranObject
MLDataDefinition
MLPredictionDefinition
MobileApplicationDetail
ModerationRule
MutingPermissionSet
MyDomainDiscoverableLogin
NamedCredential
NavigationMenu
Network
NetworkBranding
NotificationTypeConfig
OauthCustomScope
ObjectSourceTargetMap
OcrSampleDocument
OcrTemplate
OmniScript
OutboundNetworkConnection
Package
PathAssistant
PaymentGatewayProvider
PermissionSet
PermissionSetGroup
PermissionSetLicenseDefinition (Developer Preview)
PlatformCachePartition
PlatformEventChannel
PlatformEventChannelMember
PlatformEventSubscriberConfig
Portal
PortalDelegablePermissionSet
PostTemplate
ProductAttributeSet
PresenceDeclineReason
PresenceUserConfig
Profile
ProfileActionOverride
ProfilePasswordPolicy
ProfileSessionSetting
Prompt
Queue
QueueRoutingConfig
QuickAction
RecordAlertCategory
RedirectWhitelistUrl
RecommendationStrategy
RecordActionDeployment
RelationshipGraphDefinition
RemoteSiteSetting
Report
ReportType
RestrictionRule
Role
RoleOrTerritory
SalesWorkQueueSettings
SamlSsoConfig
SchedulingObjective
SchedulingRule
Scontrol
ServiceAISetupDefinition
ServiceAISetupField
ServiceChannel
ServicePresenceStatus
Settings
SharedTo
SharingBaseRule
SharingRules
SharingSet
SiteDotCom
Skill
StandardValueSet
StandardValueSetTranslation
StaticResource
StreamingAppDataConnector
SustainabilityUom
SvcCatalogCategory
SvcCatalogFulfillmentFlow
SvcCatalogItemDef
SynonymDictionary
Territory
Territory2
Territory2Model
Territory2Rule
Territory2Type
TimelineObjectDefinition
TimeSheetTemplate
TopicsForObjects
TransactionSecurityPolicy
Translations
UserAuthCertificate
UserCriteria
UserProvisioningConfig
WaveApplication
WaveComponent
WaveDataflow
WaveDashboard
WaveDataset
WaveLens
WaveRecipe
WaveTemplateBundle
WaveXmd
WebStoreTemplate
Workflow
WorkSkillRouting
Headers
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

CustomSite

Represents a Salesforce site. Create public websites and applications that are directly integrated with your Salesforce organization, but don't require users to log in with a username and password.

Where possible, we changed noninclusive terms to align with our company value of Equality. We maintained certain terms to avoid any effect on customer implementations.

Important

For more information, see “Salesforce Sites” in Salesforce Help.

CustomSite doesn’t currently support syndication feeds.

Note

This type extends the Metadata metadata type and inherits its fullName field.

Declarative Metadata File Suffix and Directory Location

Lightning Platform CustomSite components are stored in the sites directory of the corresponding package directory. The file name matches the site name, and the extension is .site.

Version

Lightning Platform CustomSite components are available in API version 14.0 and later.

Fields

Field Field Type Description
active boolean Required. Determines whether the site is active.
allowHomePage boolean Required. Determines whether the standard home page is visible to public users. This field is available in API version 15.0 and later.
allowStandardAnswersPages boolean Determines whether the standard answer pages are visible to public users. This field is available in API version 19.0 and later.
allowStandardIdeasPages boolean Required. Determines whether the standard Ideas pages are visible to public users. This field is available in API version 15.0 and later.
allowStandardLookups boolean Required. Determines whether the standard lookup pages are visible to public users. This field is available in API version 15.0 and later.
allowStandardPortalPages boolean Required. When enabled, authenticated users in this site can access standard Salesforce pages as allowed by their access controls. When disabled, authenticated users in this site can't access standard Salesforce pages, even if their access controls allow it. If your site serves only Visualforce pages, disabling this setting helps add a layer of access protection to your site. This field is available in API version 39.0 and later.
allowStandardSearch boolean Required. Determines whether the standard search pages are visible to public users. This field is available in API version 15.0 and later.
analyticsTrackingCode string The tracking code associated with your site. Services such as Google Analytics can use this code to track page request data for your site. This field is available in API version 17.0 and later.
authorizationRequiredPage string The name of the Visualforce page to be displayed when the guest user tries to access a page for which they are not authorized.
bandwidthExceededPage string The name of the Visualforce page to be displayed when the site has exceeded its bandwidth quota.
browserXssProtection boolean Required. Determines whether protection against reflected cross-site scripting attacks is enabled. If a reflected cross-site scripting attack is detected, the browser shows a blank page with no content. Available in API version 41.0 and later.
cachePublicVisualforcePagesInProxyServers boolean Indicates whether proxy servers cache this site’s publicly available pages only for unauthenticated guest users (true) or not (false). When this field is false, this site’s cache-enabled Visualforce pages are cached in the web browser for both authenticated and unauthenticated users. The default is true. See Configure Site Caching in Salesforce Help for more information.

This field is available in API version 52.0 and later.
changePasswordPage string The name of the Visualforce page to be displayed when the portal user attempts to change their password for either the portal or for Chatter Answers, when enabled.
chatterAnswersForgotPasswordConfirmPage string The name of the Visualforce page to be displayed that informs the user that an email has been sent to them with a temporary password. This field is available if Chatter Answers is enabled for your organization. This field is available in API version 27.0 and later.
chatterAnswersForgotPasswordPage string The name of the Visualforce page to be displayed when a user clicks the link to retrieve a forgotten password. This field is available if Chatter Answers is enabled for your organization. This field is available in API version 27.0 and later.
chatterAnswersHelpPage string The name of the Visualforce page to be displayed when the user clicks the help link. This field is available if Chatter Answers is enabled for your organization. This field is available in API version 27.0 and later.
chatterAnswersLoginPage string The name of the Visualforce page to be displayed to allow users to log in to the portal. This field is available if Chatter Answers is enabled for your organization. This field is available in API version 27.0 and later.
chatterAnswersRegistrationPage string The name of the Visualforce page to be displayed to allow users to register themselves and access the portal. This field is available in API version 27.0 and later.
clickjackProtectionLevel SiteClickjackProtectionLevel (enumeration of type string) Required. Sets the clickjack protection level. The options are:
  • AllowAllFraming — Allow framing by any page (no protection)
  • External — Allow framing of site or Experience Cloud site pages on external domains (good protection)
  • SameOriginOnly — Allow framing by the same origin only (recommended)
  • NoFraming — Don’t allow framing by any page (most protection)
This field is available in API version 30.0 and later.
contentSniffingProtection boolean Required. Determines whether the browser is prevented from inferring the MIME type from the document content. If enabled, it also prevents the browser from executing some malicious files (JavaScript, Stylesheet) as dynamic content. This field is available in API version 41.0 and later.
cspUpgradeInsecureRequests boolean This field is removed in API version 52.0 and later. In API version 51.0 and earlier, the value in the field is ignored.
customWebAddresses SiteWebAddress[] The root custom URLs associated with the site. Saving or deploying a CustomSite replaces all root custom URLs in the site with the root custom URLs in this list. Custom URLs that use a non-root path prefix are not included in this list and are not affected when saving or deploying a CustomSite. This field is available in API version 21.0 and later.
description string The site description.
enableAuraRequests boolean Determines whether guest users can view features available only in Lightning (true). If set to false, Lightning features don’t load. This field is available in API version 46.0 and later.
favoriteIcon string The name of the file to be used for the icon that appears in the browser's address field when visiting the site. Sets the favorite icon for the entire site.
fileNotFoundPage string The name of the Visualforce page to be displayed when the guest user tries to access a non-existent page.
forgotPasswordPage string The name of the Visualforce page to be displayed when a user clicks the Forgot Password link on the site’s login page. This field is only applicable for Experience Cloud sites.
genericErrorPage string The name of the Visualforce page to be displayed for errors not otherwise specified.
guestProfile string Read only. The name of the profile associated with the guest user.
inMaintenancePage string The name of the Visualforce page to be displayed when the site is down for maintenance.
inactiveIndexPage string The name of the Visualforce page set as the inactive site home page.
indexPage string Required. The name of the Visualforce page set as the active site home page.
masterLabel string Required. The name of the site label in the Salesforce user interface.
myProfilePage string The name of the Visualforce page to be displayed as the site user’s profile page, where users can update their contact information. This field is available in API version 20.0 and later.
portal string The name of the portal associated with this site for login access.
redirectToCustomDomain boolean Indicates whether requests for this site’s system-managed URLs are redirected to the HTTPS custom domain serving this site (true) or not (false). System-managed site URLs end in *.force.com, *.my.salesforce-sites.com, or *.my.site.com. In Experience Cloud sites, the default is false. In Salesforce Sites, the default is true.

If multiple custom domains serve this site and this field is set to true, requests are routed to the site’s primary custom URL only if it’s an HTTPS custom domain. Otherwise, requests are redirected to the first HTTPS custom domain associated with this site, in alphanumeric order. If no HTTPS custom domain serves this site, this option has no effect.

This field is available in API version 52.0 and later.
referrerPolicyOriginWhenCrossOrigin boolean Required. Determines whether the referrer header shows only Salesforce.com rather than the entire URL when loading a page. This feature eliminates the potential for a referrer header to reveal sensitive information that could be present in a full URL, such as an org ID. This field is available in API version 41.0 and later.
requireHttps boolean This field is removed in API version 52.0 and later. In API version 51.0 and earlier, the value in the field is ignored.
requireInsecurePortalAccess boolean Determines whether to override your organization's security settings and exclusively use HTTP when logging in to the associated portal from your site. Removed in API version 50.0 and later.
robotsTxtPage string The name of the Visualforce page to be displayed for the robots.txt file used by web crawlers.
selfRegPage string Visualforce page used for self-registration.
serverIsDown string The name of the static resource to be displayed from the cache server when Salesforce servers are down. The static resource must be a public zip file 1 MB or smaller and must contain a page named maintenance.html at the root level of the zip file. Other resources in the zip file, such as images or CSS files, can follow any directory structure. This field is available in API version 17.0 and later.
siteAdmin string The username of the site administrator.
siteGuestRecordDefaultOwner string The username of the user who owns all new records that unauthenticated guest users create. This field is available in API version 51.0 and later.
siteIframeWhiteListUrls SiteIframeWhiteListUrl[] The list of external domains that you allow to frame your Salesforce site. This field is available in API 49.0 and later.
siteRedirectMappings SiteRedirectMapping[] An array of all URL redirect rules set for your site. This field is available in API version 20.0 and later.
siteTemplate string The name of the Visualforce page to be used as the site template.
siteType siteType Required. Identifies whether the site is a Visualforce (Salesforce Sites), Site.com site, or ChatterNetwork (Salesforce Sites).This field is available in API version 27.0 and later.
subdomain string Required. Read only. The custom subdomain prefix for the site. For example, if your site URL is mycompany.force.com/partners, mycompany is the subdomain.

If enhanced domains are enabled, your site URL is different and uses your My Domain name as the subdomain. For details, see My Domain URL Formats in Salesforce Help.

If you enabled Salesforce Sites or Digital Experiences after you enabled enhanced domains, this field returns a null value. If you enabled Salesforce Sites or Digital Experiences before you enabled enhanced domains, this field returns this site’s previous subdomain.

Note
urlPathPrefix string The first part of the path on the site's URL that distinguishes this site from other sites. For example, if your site URL is MyDomainName.my.salesforce-sites.com/partners, partners is the urlPathPrefix.

If you’re not using enhanced domains, your org’s My Domain URLs are different. For details, see My Domain URL Formats in Salesforce Help.

Note

SiteIframeWhiteListUrl

Represents the external domains that you allow to frame your site or experience pages.

Where possible, we changed noninclusive terms to align with our company value of Equality. Because changing terms in our code can break current implementations, we maintained this metadata type’s name.

Important

Field Field Type Description
url string Required. The trusted domain that you allow to frame your site or Experience Cloud site pages. Accepts these formats: example, example.com, *example.com, and https://example.com.

SiteRedirectMapping

SiteRedirectMapping represents a URL redirect rule on your Salesforce site.” in Salesforce Help.

Field Field Type Description
action SiteRedirect (enumeration of type string) Required. The type of the redirect. Available string values are:
  • Permanent
  • Temporary
isActive boolean The status of the redirect: active or inactive.
source string Required. The URL that you want to redirect. It must be a relative URL, but can have any valid extension type, such as .html or .php.
target string Required. The new URL you want users to visit. It can be a relative URL or a fully-qualified URL with an http:// or https:// prefix.

SiteWebAddress

Represents the web address of a Salesforce site.

Field Field Type Description
certificate string Identifies the certificate associated with the custom domain. If the custom domain is set up for Salesforce to serve HTTPS, this field indicates which certificate to use.
domainName string Required. The domain of the website, in the form of www.acme.com.
primary boolean Required. Indicates whether this is the primary domain (true). If false, this is not the primary domain.

Declarative Metadata Sample Definition

Here is a sample XML definition of a site.

1<?xml version="1.0" encoding="UTF-8"?>
2<CustomSite xmlns="http://soap.sforce.com/2006/04/metadata">
3    <active>true</active>
4    <allowHomePage>true</allowHomePage>
5    <allowStandardAnswersPages>true</allowStandardAnswersPages>
6    <allowStandardIdeasPages>true</allowStandardIdeasPages>
7    <allowStandardLookups>true</allowStandardLookups>
8    <allowStandardPortalPages>true</allowStandardPortalPages>
9    <allowStandardSearch>true</allowStandardSearch>
10    <analyticsTrackingCode>UA-000000-2</analyticsTrackingCode>
11    <authorizationRequiredPage>Unauthorized</authorizationRequiredPage>
12    <bandwidthExceededPage>BandwidthExceeded</bandwidthExceededPage>
13    <browserXssProtection>true</browserXssProtection>
14    <cachePublicVisualforcePagesInProxyServers>false</cachePublicVisualforcePagesInProxyServers>
15    <changePasswordPage>ChangePassword</changePasswordPage>
16    <chatterAnswersForgotPasswordConfirmPage>ChatterAnswersForgotPasswordConfirm</chatterAnswersForgotPasswordConfirmPage>
17    <chatterAnswersForgotPasswordPage>ChatterAnswersForgotPassword</chatterAnswersForgotPasswordPage>
18    <chatterAnswersHelpPage>ChatterAnswersHelp</chatterAnswersHelpPage>
19    <chatterAnswersLoginPage>ChatterAnswersLogin</chatterAnswersLoginPage>
20    <chatterAnswersRegistrationPage>ChatterAnswersRegistration</chatterAnswersRegistrationPage>
21    <clickjackProtectionLevel>SameOriginOnly</clickjackProtectionLevel>
22    <contentSniffingProtection>true</contentSniffingProtection>
23    <customWebAddresses>
24      <domainName>www.testing123.com</domainName>
25      <primary>true</primary>
26    </customWebAddresses>
27    <description>Partners portal for My Company</description>
28    <enableAuraRequests>true</enableAuraRequests>
29    <favoriteIcon>myFavIcon</favoriteIcon>
30    <fileNotFoundPage>FileNotFound</fileNotFoundPage>
31    <forgotPasswordPage>ForgotPassword</forgotPasswordPage>
32    <genericErrorPage>Exception</genericErrorPage>
33    <guestProfile>Guest</guestProfile>
34    <inMaintenancePage>InMaintenance</inMaintenancePage>
35    <inactiveIndexPage>Inactive</inactiveIndexPage>
36    <indexPage>UnderConstruction</indexPage>
37    <masterLabel>customSite</masterLabel>
38    <myProfilePage>UserProfile</myProfilePage>
39    <portal>Customer Portal</portal>
40    <redirectToCustomDomain>true</redirectToCustomDomain>
41    <referrerPolicyOriginWhenCrossOrigin>true</referrerPolicyOriginWhenCrossOrigin>
42    <robotsTxtPage>RobotsTxt</robotsTxtPage>
43    <selfRegPage>SelfReg</selfRegPage>
44    <serverIsDown>MyServerDownResource</serverIsDown>
45    <siteAdmin>admin@myco.org</siteAdmin>
46    <siteGuestRecordDefaultOwner>admin@myco.org</siteGuestRecordDefaultOwner>
47    <siteIframeWhiteListUrl>
48      <url>example.com</url>
49    </siteIframeWhiteListUrl>
50    <siteTemplate>SiteTemplate</siteTemplate>
51    <siteType>Siteforce</siteType>
52    <subdomain>myco</subdomain>
53    <urlPathPrefix>partners</urlPathPrefix>
54</CustomSite>

Wildcard Support in the Manifest File

This metadata type supports the wildcard character * (asterisk) in the package.xml manifest file. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.