ExtlClntAppOauthSettings

Represents the settings configuration for the external client app’s OAuth plugin.

Parent Type

This type extends the Metadata metadata type and inherits its fullName field.

File Suffix and Directory Location

ExtlClntAppOauthSettings components have the suffix .ecaOauth and are stored in the extlClntAppOauthSettings folder.

Version

ExtlClntAppOauthSettings components are available in API version 59.0 and later.

Special Access Rules

Access to the OAuth plugin requires orgs to enable the Allow Access to OAuth Consumer Secrets via Metadata API permission in Setup. The View External Client Apps Consumer Secrets in Metadata user permission is required for users with developer roles to configure OAuth settings.

Fields

Field Name Description
areAttributesIncludedInAssetToken
Field Type
boolean
Description
Indicates whether custom attributes associated with the external client app are included in the JSON Web Token (JWT) payload of an asset token issued as a result of the asset token flow. The default value is false.

Available in API version 61.0 and later.

areCustomPermsIncludedInAssetToken
Field Type
boolean
Description
Indicates whether custom permissions associated with the external client app are included in the JWT payload of an asset token issued as a result of the asset token flow. The default value is false.

Available in API version 61.0 and later.

assetTokenAudiences
Field Type
string
Description
Required for the OAuth asset token flow. The audience (aud) claim in the JWT payload of an asset token issued by the external client app. This claim identifies who the asset token is intended for. The value must be an array of case-sensitive strings, each containing a StringOrURI value. Specify an audience for each intended consumer of the asset token.

Available in API version 61.0 and later.

assetTokenSigningCertificate
Field Type
string
Description
Required for the asset token flow. The ID of the self-signed certificate used to sign asset tokens issued by the external client app. The certificate size is limited to 4 KB. If your certificate is too large, try using a DER-encoded file to reduce the size.

Available in API version 61.0 and later.

assetTokenValidity
Field Type
int
Description
Required for the asset token flow. The period of time for which the asset token is valid after it’s issued, expressed as the number of seconds from 1970-01-01T0:0:0Z measured in UTC. The validity period must be within 3 minutes of the expiration time of the assertion.

Available in API version 61.0 and later.

clientAssertionCertificate
Field Type
string
Description
A certificate that's used to sign a client attestation JSON Web Token (JWT), which is required for requests to the OAuth 2.0 authorization challenge endpoint for headless identity flows for first-party apps. To confirm that the app that sent the request is your first-party app, Salesforce validates the client attestation JWT against this certificate.
commaSeparatedOauthScopes
Field Type
string
Description
OAuth scopes for the external client app, written as a comma-separated list.
customAttributes
Field Type
ExtlClntAppOauthSettingsAttribute[]
Description
Unique attributes to be included as developer defaults. The maximum number accepted is 128. Each custom attribute must have a unique key and use an available field.
externalClientApplication
Field Type
string
Description

Required.

The external client app associated with this OAuth plugin.

isFirstPartyAppEnabled
Field Type
boolean
Description
Determines whether a first-party app can send requests to the OAuth 2.0 authorization challenge endpoint on this Experience Cloud site. This endpoint supports headless identity flows using the OAuth 2.0 for First-Party Applications draft protocol.
label
Field Type
string
Description
Label for the external client app.
oauthLink
Field Type
string
Description
An auto-generated value that combines the org ID and the OAuth Consumer ID.
singleLogoutUrl
Field Type
string
Description
URL where Salesforce sends a logout request when users log out of Salesforce.
trustedIpRanges
Field Type
ExtlClntAppOauthIpRange[]
Description
Specifies the ranges of IP addresses that can access the app without requiring the user to authenticate with the external client app. The maximum number of IP ranges is 128.

ExtlClntAppOauthSettingsAttribute

Represents developer-defined attributes that are used to include additional information in the external client apps. Developers use these attributes to customize the app for specific use cases.

Field Name Description
formula
Field Type
string
Description

Required.

The existing field that includes the desired information. For example, Organization.Country.

key
Field Type
string
Description

Required.

A unique name for the attribute. For example, country.

ExtlClntAppOauthIpRange

Represents the range of IP addresses that are trusted by the external client app.

Field Name Description
description
Field Type
string
Description
Identifies the purpose of the range, such as which part of a network corresponds to this range.
endIpAddress
Field Type
string
Description

Required.

Last address in the IP range, inclusive. Required with start address.

startIpAddress
Field Type
string
Description

Required.

First address in the IP range, inclusive. Required with end address.
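
Added example, not part of the Salesforce documentation: because addresses in trustedIpRanges can access the app without the user authenticating, a review step can parse an .ecaOauth component and flag ranges that deserve a second look before deployment. The function name, the sample component, the 256-address threshold and the RFC 1918 check are assumptions made for this illustration; only the 128-range limit comes from the field description above.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
MAX_RANGES = 128        # limit stated in the trustedIpRanges field description
MAX_ADDRESSES = 256     # assumed review threshold, not a Salesforce limit
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample component (hypothetical values, not from a real org).
SAMPLE = """<ExtlClntAppOauthSettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <trustedIpRanges>
        <startIpAddress>10.55.2.0</startIpAddress>
        <endIpAddress>10.55.2.255</endIpAddress>
        <description>Building 6</description>
    </trustedIpRanges>
    <trustedIpRanges>
        <startIpAddress>0.0.0.0</startIpAddress>
        <endIpAddress>255.255.255.255</endIpAddress>
    </trustedIpRanges>
    <trustedIpRanges>
        <startIpAddress>10.55.12.255</startIpAddress>
        <endIpAddress>10.55.12.0</endIpAddress>
    </trustedIpRanges>
</ExtlClntAppOauthSettings>"""

def audit_trusted_ranges(xml_text):
    """Return (start, end, finding) tuples for trustedIpRanges needing review."""
    findings = []
    ranges = ET.fromstring(xml_text).findall("md:trustedIpRanges", NS)
    if len(ranges) > MAX_RANGES:
        findings.append(("", "", "more than 128 ranges"))
    for r in ranges:
        s, e = (r.findtext(f"md:{t}IpAddress", "", NS) for t in ("start", "end"))
        try:
            start, end = ipaddress.ip_address(s), ipaddress.ip_address(e)
        except ValueError:
            findings.append((s, e, "missing or invalid address"))
            continue
        if start.version != end.version or start > end:
            findings.append((s, e, "start after end or mixed IP versions"))
            continue
        if int(end) - int(start) + 1 > MAX_ADDRESSES:
            findings.append((s, e, "range too broad"))
        if not any(start in n and end in n for n in RFC1918):
            findings.append((s, e, "not inside one RFC 1918 network"))
        if not r.findtext("md:description", "", NS).strip():
            findings.append((s, e, "no description"))
    return findings
```

Run it over every file in the extlClntAppOauthSettings folder as part of code review or CI, and treat any finding as a prompt for a human decision rather than an automatic failure.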

Declarative Metadata Sample Definition

The following is an example of an ExtlClntAppOauthSettings component.

<?xml version="1.0" encoding="UTF-8"?>
<ExtlClntAppOauthSettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <externalClientApplication>myeca</externalClientApplication>
    <label>My Oauth Settings</label>
    <trustedIpRanges>
        <startIpAddress>10.55.2.0</startIpAddress>
        <endIpAddress>10.55.2.255</endIpAddress>
        <description>Building 6</description>
    </trustedIpRanges>
    <trustedIpRanges>
        <startIpAddress>10.55.12.0</startIpAddress>
        <endIpAddress>10.55.12.255</endIpAddress>
    </trustedIpRanges>
    <customAttributes>
        <key>userattribute</key>
        <formula>User.Country</formula>
    </customAttributes>
    <commaSeparatedOauthScopes>Basic, Web</commaSeparatedOauthScopes>
</ExtlClntAppOauthSettings>

The following is an example package.xml that references the previous definition.

<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
    <types>
        <members>*</members>
        <name>ExternalClientApplication</name>
    </types>
    <types>
        <members>*</members>
        <name>ExtlClntAppOauthSettings</name>
    </types>
    <types>
        <members>*</members>
        <name>ExtlClntAppGlobalOauthSettings</name>
    </types>
    <types>
        <members>*</members>
        <name>ExtlClntAppOauthConfigurablePolicies</name>
    </types>
    <version>59.0</version>
</Package>

Wildcard Support in the Manifest File

This metadata type supports the wildcard character * (asterisk) in the package.xml manifest file. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.