Tooling API

Introducing Tooling API
SOAP Calls
Tooling API Objects and Namespaces
Tooling API Objects
AccountPlanObjMeasCalcCond
AccountPlanObjMeasCalcDef
ActivationPlatform
AdvAcctFrcstDisplayGroup
AdvAccountForecastSet
AdvAcctForecastMeasureDef
AIApplication
AIApplicationConfig
AnimationRule
ApexClass
ApexClassMember
ApexCodeCoverage
ApexCodeCoverageAggregate
ApexComponent
ApexComponentMember
ApexEmailNotification
ApexExecutionOverlayAction
ApexExecutionOverlayResult
ApexLog
ApexOrgWideCoverage
ApexPage
ApexPageInfo
ApexPageMember
ApexResult
ApexTestQueueItem
ApexTestResult
ApexTestResultLimits
ApexTestRunResult
ApexTestSuite
ApexTrigger
ApexTriggerMember
AssignmentRule
AuraDefinition
AuraDefinitionBundle
AuthorizedEmailDomain
AutoResponseRule
BrandingSet
BrandingSetProperty
BriefcaseDefinition
BusinessProcess
BusinessProcessDefinition
BusinessProcessFeedback
BusinessProcessGroup
BusProcessFeedbackConfig
Certificate
CleanDataService
CleanRule
ColorDefinition
CommunityWorkspacesNode
CompactLayout
CompactLayoutInfo
CompactLayoutItemInfo
ConnectedApplication
ContactCenterChannel
ContainerAsyncRequest
ConversationChannelDefinition
ConversationVendorInfo
CspTrustedSite
CustomApplication
CustomField
CustomFieldDisplay
CustomFieldMember
CustomHelpMenuSection
CustomHttpHeader
CustomNotificationType
CustomMsgChannel
CustomObject
CustomTab
DataAssessmentConfigItem
DataIntegrationRecordPurchasePermission
DataSourceBundleDefinition
DataStreamTemplate
DataType
DebugLevel
DelegateGroup
DelegateGroupGrant
DelegateGroupMember
DeployDetails
DeployRequest
Document
DomainProvision
DuplicateJobDefinition
DuplicateJobMatchingRuleDefinition
EmailTemplate
EmbeddedServiceBranding
EmbeddedServiceConfig
EmbeddedServiceCustomComponent
EmbeddedServiceCustomization
EmbeddedServiceCustomLabel
EmbeddedServiceFieldService
EmbeddedServiceFlow
EmbeddedServiceFlowConfig
EmbeddedServiceLiveAgent
EmbeddedServiceMenuItem
EmbeddedServiceMenuSettings
EmbeddedServiceQuickAction
EmbeddedServiceResource
EnrichedField
EntityDefinition
EntityLimit
EntityParticle
EventDelivery
EventRelayConfig
EventSubscription
ExternalAuthIdentityProvider
ExternalClientAppSettings
ExternalCredential
ExternalDataSource
ExternalDataSrcDescriptor
ExternalServiceRegistration
ExternalString
ExternalDataTransportFieldTemplate
ExternalDataTransportObjectTemplate
ExternalStringLocalization
FieldDefinition
FieldMapping
FieldMappingField
FieldMappingRow
FieldRestrictionRule
FieldSet
FlexiPage
Flow
FlowDefinition
FlowElementTestCoverage
FlowTest
FlowTestCoverage
FlowTestResult
ForecastingDisplayedFamily
ForecastingFilter
ForecastingFilterCondition
ForecastingSourceDefinition
ForecastingType
ForecastingTypeSource
FormulaFunction
FormulaFunctionAllowedType
FormulaOperator
GenAiFunctionDefinition
GenAiPlannerDefinition
GlobalValueSet
Group
GtwyProvPaymentMethodType
HeapDump
HistoryRetentionJob
HomePageComponent
HomePageLayout
IconDefinition
InboundNetworkConnection
InboundNetworkConnProperty
Index
IndexField
InstalledSubscriberPackage
InstalledSubscriberPackageVersion
InvocableActionExtension
IPAddressRange
KeywordList
Layout
LightningComponentBundle
LightningComponentResource
LightningOutApp
LookupFilter
ManagedContentNodeType
ManagedContentType
ManagedEventSubscription (Beta)
MarketingAppExtension
MarketingAppExtAssignment
MarketingAppExtActivity
MarketingAppExtAction
MatchingRule
MenuItem
MetadataComponentDependency (Beta)
MetadataContainer
MetadataPackage
MetadataPackageVersion
MLDataDefinition
MLField
MLFilter
MLPredictionDefinition
ModerationRule
NamedCredential
ObjectHierarchyRelationship
OmniSupervisorConfig
OperationLog
OpportunitySplitType
OrgDomainLog
OutboundNetworkConnection
OutboundNetworkConnProperty
OwnerChangeOptionInfo
PackageInstallRequest
PackageUploadRequest
PackageVersionUninstallRequestError
PathAssistant
Package2
Package2Member
Package2Version
Package2VersionCreateRequest
Package2VersionCreateRequestError
PardotTenant
PathAssistantStepInfo
PathAssistantStepItem
PaymentGatewayProvider
PermissionDependency
PermissionSet
PermissionSetAssignment
PermissionSetGroup
PermissionSetGroupComponent
PermissionSetTabSetting
PipelineInspMetricConfig
PlatformEventChannel
PlatformEventChannelMember
PlatformEventSubscriberConfig
PresenceDeclineReason
PresenceUserConfig
PostTemplate
ProcessFlowMigration
ProductAttributeSet
Profile
ProfileLayout
Publisher
QueryResult
QueueRoutingConfig
QuickActionDefinition
QuickActionList
QuickActionListItem
RecentlyViewed
RecommendationStrategy
RecordActionDeployment
RecordType
RegisteredExternalService
RelatedListColumnDefinition
RelatedListDefinition
RelationshipDomain
RelationshipInfo
ReleaseUpdate
ReleaseUpdateStep
RemoteProxy
RestrictionRule
SandboxInfo
SandboxProcess
SchedulingObjective
SchedulingRule
SearchLayout
SecurityHealthCheck
SecurityHealthCheckRisks
ServiceChannel
ServiceFieldDataType
ServicePresenceStatus
Scontrol
ShiftSegmentType
SiteDetail
Skill
SOQLResult
SourceMember
SourceMemberDeployRequest
StandardAction
StaticResource
SubscriberPackage
SubscriberPackageVersion
SubscriberPackageVersionUninstallRequest
SvcCatalogCategory
SvcCatalogCategoryItem
SvcCatalogFulfillFlowItem
SvcCatalogFulfillmentFlow
SvcCatalogItemDef
SymbolTable
TabDefinition
Territory2SupportedObject
TestSuiteMembership
TimeSheetTemplate
TimeSheetTemplateAssignment
TraceFlag
TransactionSecurityPolicy
User
UserAccessPolicy
UserAccessPolicyAction
UserAccessPolicyFilter
UserCriteria
UserEntityAccess
UserFieldAccess
ValidationRule
VirtualVisitConfig
WebLink
WebStoreTemplate
WorkflowAlert
WorkflowFieldUpdate
WorkflowOutboundMessage
WorkflowRule
WorkflowTask
WorkSkillRouting
WorkSkillRoutingAttribute
SOAP Headers for Tooling API
REST Headers for Tooling API
PDF

Newer Version Available

This content describes an older version of this product. View Latest

CspTrustedSite

Represents a trusted URL. For each CspTrustedSite, you can specify Content Security Policy (CSP) directives and permissions policy directives. Each CSP directive allows Lightning components, third-party APIs, and WebSocket connections to access a resource type from the trusted URL. If the Permissions-Policy HTTP header is enabled, each permissions policy directive grants the trusted URL access to a browser feature. In API version 58.0 and earlier, CspTrustedSite included only CSP directives and was referred to as CSP Trusted Sites in Salesforce Setup. Available in API version 39.0 and later.

Supported SOAP Calls

create(), delete(), describeSObjects(), query(), retrieve(), update(), upsert()

Supported REST HTTP Methods

GET

Limitations

SOQL Limitations

SOSL Limitations

Fields

Field Field Type Description
CanAccessCamera boolean Indicates whether this CspTrustedSite can access the user’s camera (true) or not (false). The default value is false.

This field takes effect only when the enablePermissionsPolicy field equals true and the grantCameraAccess field equals TrustedUrls in the SecuritySettings metadata API type.

This field is available in API version 59.0 and later.
CanAccessMicrophone boolean Indicates whether this CspTrustedSite can access the user’s microphone (true) or not (false). The default value is false.

This field takes effect only when the enablePermissionsPolicy field equals true and the grantMicrophoneAccess field equals TrustedUrls in the SecuritySettings metadata API type.

This field is available in API version 59.0 and later.
Context CspTrustedSiteContext (enumeration of type string) Declares the scope of the CSP directives for the trusted URL.
  • All—Apply the CSP directives to all supported context types.
  • Communities—Apply the CSP directives to Experience Builder sites only.
  • FieldServiceMobileExtension—Apply the CSP directives to the Field Service Mobile Extensions only. Available in API version 47.0 and later.
  • LEX—Apply the CSP directives to Lightning Experience only.
  • LightningOut—Reserved for future use. Available in API version 64.0 and later
  • VisualForce—Apply the CSP directives to custom Visualforce pages only. Available in API version 55.0 and later.

For custom Visualforce pages, content is restricted to trusted URLs only if the page’s cspHeader attribute is set to true.

This field is available in API version 44.0 and later.
Description string The description of this trusted URL.
EndpointUrl string Required. The URL for this CspTrustedSite.

This field must include a domain name and can include a port. For example, https://example.com or https://example.com:8080.

To reduce repetition, you can use the wildcard character * (asterisk). For example, *.example.com. For a third-party API, the URL must begin with https://. For example, https://example.com. For a WebSocket connection, the URL must begin with wss://. For example, wss://example.com.
IsActive boolean Indicates whether this CspTrustedSite is active (true) or not (false). The default value is true.
IsApplicableToConnectSrc boolean Indicates whether Lightning components, third-party APIs, and WebSocket connections can load URLs using script interfaces from this trusted URL (true) or not (false). This field has a default value of false.

This field is available in API version 48.0 and later.
IsApplicableToFontSrc boolean Indicates whether Lightning components, third-party APIs, and WebSocket connections can load fonts from this trusted URL (true) or not (false). This field is available in API version 48.0 and later.
IsApplicableToFrameSrc boolean Indicates whether Lightning components, third-party APIs, and WebSocket connections can load resources contained in <iframe> elements from this trusted URL (true) or not (false). This field has a default value of false.

This field is available in API version 48.0 and later.
IsApplicableToImgSrc boolean Indicates whether Lightning components, third-party APIs, and WebSocket connections can load images from this trusted URL (true) or not (false). This field has a default value of false.

This field is available in API version 48.0 and later.
IsApplicableToMediaSrc boolean Indicates whether Lightning components, third-party APIs, and WebSocket connections can load audio and video from this trusted URL (true) or not (false). This field has a default value of false.

This field is available in API version 48.0 and later.
IsApplicableToStyleSrc boolean Indicates whether Lightning components, third-party APIs, and WebSocket connections can load style sheets from this trusted URL (true) or not (false). This field has a default value of false.

This field is available in API version 48.0 and later.
MobileExtension string Reserved for future use.

Usage

For each CSPTrustedSite, at least one field starting with grantAccess or isApplicableTo must be set to true.

In API versions 50.0 to 58.0, if all isApplicable fields are false, the isApplicableToImgSrc field is set to true. In API version 49.0 and earlier, if all isApplicable fields are false, those fields all default to true.

To ensure smooth integration across Salesforce products, Salesforce includes URLs in each of the CSP directives that correspond to the isApplicable fields, even though those URLs aren’t defined as CspTrustedSite components. Salesforce regularly updates those URLs based on the latest requirements.