NamedCredential

Represents a named credential, which specifies the URL of a callout endpoint and its required authentication parameters in one definition. A named credential can be specified as an endpoint to simplify the setup of authenticated callouts. This object is available in API version 51.0 and later.

Where possible, we changed noninclusive terms to align with our company value of Equality. We maintained certain terms to avoid any effect on customer implementations.

Important

All credentials stored within this entity are encrypted under a framework that is consistent with other encryption frameworks on the platform. Salesforce encrypts your credentials by auto-creating org-specific keys. Credentials encrypted using the previous encryption scheme have been migrated to the new framework.

Note

Supported SOAP API Calls

create(), delete(), describeSObjects(), query(), retrieve(), update(), upsert()

Supported REST API Methods

DELETE, GET, HEAD, PATCH, POST, Query

Fields

Field	Details
AllowMergeFieldsinBody	Field Type boolean Description Specifies whether Apex code can use merge fields to populate the HTTP request body with org data when a callout is made. Corresponds to Allow Merge Fields in HTTP Body in the user interface. Defaults to `false`.
AllowMergeFieldsinHeader	Field Type boolean Description Specifies whether Apex code can use merge fields to populate the HTTP header with org data when a callout is made. Corresponds to Allow Merge Fields in HTTP Header in the user interface. Defaults to `false`.
AuthProviderId	Type string Properties Nillable Description The authentication provider that the AuthProviderId component represents. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
AuthTokenEndpointUrl	Type textarea Properties Nillable Description The URL where JSON Web Tokens (JWTs) are exchanged for access tokens. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
AwsAccessKey	Type string Properties Filter, Group, Nillable, Sort Description First part of the access key used to sign programmatic requests to Amazon Web Services (AWS). Use when AWS Signature Version 4 is your authentication protocol. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
AwsAccessSecret	Type textarea Properties Nillable Description The second part of the access key used to sign programmatic requests to AWS. Use when AWS Signature Version 4 is your authentication protocol. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
AwsRegion	Type string Properties Filter, Group, Nillable, Sort Description Specifies which AWS Region the named credential accesses. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
AwsService	Type string Properties Filter, Group, Nillable, Sort Description Specifies which AWS resource the named credential accesses. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
CalloutStatus	Field Type CalloutStatus (enumeration of type string) Description Specifies whether the named credential is enabled for callouts. Valid values are: `Disabled`: The named credential is disabled for callouts. `Enabled`: The named credential is enabled for callouts. This field is available in API version 59.0 and later.
CertificateId	Type reference Properties Filter, Group, Nillable, Sort Description If you specify a certificate, your Salesforce org supplies it when establishing each two-way SSL connection with the external system. The certificate is used for digital signatures, which verify that requests are coming from your Salesforce org. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0. Relationship Name Certificate Relationship Type Lookup Refers To Certificate
DeveloperName	Type string Properties Filter, Group, Sort Description The developer’s internal name for the named credential used in the API. This name can contain only underscores and alphanumeric characters, and must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. This field is automatically generated, but you can supply your own value if you create the record using the API. When creating large sets of data, always specify a unique DeveloperName for each record. If no DeveloperName is specified, performance may slow while Salesforce generates one for each record. Note Only users with View DeveloperName OR View Setup and Configuration permission can view, group, sort, and filter this field. Note
Endpoint	Type textarea Properties Nillable Description The URL or root URL of the callout endpoint. Corresponds to URL in the user interface. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
FullName	Type string Properties Create, Group, Nillable Description The full name of the associated type in Tooling API. The full name can include a namespace prefix. Query this field only if the query result contains no more than one record. Otherwise, an error is returned. If more than one record exists, use multiple queries to retrieve the records. This limit protects performance.
GenerateAuthorizationHeader	Field Type boolean Description Specifies whether Salesforce generates an authorization header and applies it to each callout that references the named credential. Corresponds to Generate Authorization Header in the user interface. Defaults to `true`. This field is available in API version 41.0 and later.
JwtAudience	Type textarea Properties Nillable Description External service or other allowed recipients for the JWT. Written as JSON, with a quoted string for a single audience and an array of quoted strings for multiple audiences. Single audience example: “aud1”. Multiple audiences example: [“aud1”, “aud2”, “aud3”]. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
JwtFormulaSubject	Type string Properties Filter, Group, Nillable, Sort Description Formula string calculating the Subject of the JWT. API names and constant strings, in single quotes, can be included. Allows a dynamic Subject unique per user requesting the token. For example, `'User='+$User.Id`. Use this field when principalType is set to `PerUser`. Corresponds to Per User Subject. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
JwtIssuer	Type string Properties Filter, Group, Nillable, Sort Description Specify who issued the JWT using a case-sensitive string. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
JwtSigningCertificateId	Type reference Properties Filter, Group, Nillable, Sort Description Certificate verifying the JWT’s authenticity to external sites. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0. Relationship Name JwtSigningCertificate Relationship Type Lookup Refers To Certificate
JwtTextSubject	Type string Properties Filter, Group, Nillable, Sort Description Static text, without quotes, that specifies the JWT Subject. Use this field when principalType is set to `NamedUser`. Corresponds to Named Principal Subject in the user interface. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
JwtValidityPeriodSeconds	Type int Properties Filter, Group, Nillable, Sort Description Specify the number of seconds that the token is valid. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
Language	Type picklist Properties Defaulted on create, Filter, Group, Nillable, Restricted picklist, Sort Description Label for the MasterLabel. In the UI, this field is Label.
ManageableState	Type picklist Properties Filter, Group, Nillable, Restricted picklist, Sort Description Indicates the manageable state of the specified component that is contained in a package. Possible values are: `beta`—Managed-Beta `deleted`—Managed-Proposed-Deleted `deprecated`—Managed-Proposed-Deprecated `deprecatedEditable`—SecondGen-Installed-Deprecated `installed`—Managed-Installed `installedEditable`—SecondGen-Installed-Editable `released`—Managed-Released `unmanaged`—Unmanaged
MasterLabel	Type string Properties Filter, Group, Sort Description Where possible, we changed noninclusive terms to align with our company value of Equality. We maintained certain terms to avoid any effect on customer implementations. Important The main label for the named credential. This display value is the internal label that doesn’t get translated.
Metadata	Type NamedCredential Properties Create, Nillable, Update Description Provides access to the associated metadata type and related fields in Tooling API. Query this field only if the query result contains no more than one record. Otherwise, an error is returned. If more than one record exists, use multiple queries to retrieve the records. This limit protects performance.
NamedCredentialParameters	Type NamedCredentialParameter[] Properties Nillable Description Reference to the (one or more) NamedCredentialParameter used to configure a named credential. This field is available in API version 56.0 and later.
NamedCredentialType	Type picklist Properties Filter, Group, Nillable, Restricted picklist, Sort Description Specifies the type or behavior of this named credential. Valid values are: `Legacy`: The named credential is a legacy type, which means that it doesn’t use the schema introduced in the Winter ‘23 release. Used for backward compatibility. `PrivateEndpoint`: The named credential sends traffic through a private connection, bypassing the public internet. If the credential type is `PrivateEndpoint`, you must specify the value of OutboundNetworkConnection. `SecuredEndpoint`: The named credential is extensible and uses external credentials to control authentication and permissions. `Standard`: Reserved for internal use. This field is available in API version 56.0 and later.
NamespacePrefix	Type string Properties Filter, Group, Nillable, Sort Description The namespace prefix that is associated with this object. Each Developer Edition org that creates a managed package has a unique namespace prefix. Limit: 15 characters. You can refer to a component in a managed package by using the `namespacePrefix__componentName` notation.
OauthRefreshToken	Type textarea Properties Nillable Description The OAuth refresh token. Used to obtain a new access token for an end user when a token expires. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
OauthScope	Type string Properties Filter, Nillable, Sort Description Specifies the scope of permissions to request for the access token. Corresponds to Scope in the user interface. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
OauthToken	Type textarea Properties Nillable Description The access token that’s issued by your authorization server. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
OutboundNetworkConnectionId	Type reference Properties Filter, Group, Nillable, Sort Description Specifies the outbound network connection that uses the named credential to send callouts to AWS. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0. Relationship Name OutboundNetworkConnection Relationship Type Lookup Refers To OutboundNetworkConnection
Password	Type textarea Properties Nillable Description The password to be used by your org to access the external system. Ensure that the credentials have adequate privileges to access the external system. Depending on how you set up access, you might need to provide the administrator password. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
PrincipalType	Type picklist Properties Filter, Group, Restricted picklist, Sort Description Determines whether you're using one set or multiple sets of credentials to access the external system. Corresponds to Identity Type in the user interface. Valid values are: `Anonymous` `NamedUser` `PerUser` This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
Protocol	Type picklist Properties Filter, Group, Restricted picklist, Sort Description The authentication protocol that’s required to access the external system. Valid values are: `AwsSv4` `Jwt` `JwtExchange` `NoAuthentication` `Oauth` `Password` For connections to Amazon Web Services using Signature Version 4, use `AwsSv4`. For connections using a direct token system, select `Jwt`. If using an intermediary authorization provider to process JWTs and return access tokens, use `JwtExchange`. For Simple URL data sources, select `NoAuthentication`. For cloud-based Files Connect external systems, select `Oauth`. For on-premises systems, select `Password`. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.
Username	Type string Properties Filter, Group, Nillable, Sort Description The username to be used by your org to access the external system. Ensure that the credentials have adequate privileges for performing callouts to the external system. Depending on how you set up access, you might need to provide the administrator username. This field is valid only when NamedCredentialType is set to `Legacy`. This field is deprecated in API version 56.0.