ExtlClntAppGlobalOauthSettings

Represents the global settings for the OAuth plugin in an external client app. These settings include private and sensitive OAuth consumer information that can’t be packaged and must not be added to source control.

Parent Type

This type extends the Metadata metadata type and inherits its fullName field.

File Suffix and Directory Location

ExtlClntAppGlobalOauthSettings components have the suffix .ecaGlblOauth and are stored in the extlClntAppGlobalOauthSets folder.

Version

ExtlClntAppGlobalOauthSettings components are available in API version 59.0 and later.

Special Access Rules

Access to the OAuth plugin requires orgs to enable the Allow Access to OAuth Consumer Secrets via Metadata API permission in Setup. The View External Client Apps Consumer Secrets in Metadata user permission is required for users with developer roles to configure global OAuth settings.

Fields

Field Name Description
callbackUrl
Field Type
string
Description
The endpoint that Salesforce calls back to your external client app during OAuth. It’s the OAuth redirect_uri.
certificate
Field Type
string
Description
If the app uses a certificate, the PEM-encoded certificate string. When provided, it enables the JWT Bearer flow. Available in API version 60.0 and later.
consumerKey
Field Type
string
Description
A value used by the consumer for identification to Salesforce. Referred to as client_id in OAuth 2.0.
consumerSecret
Field Type
string
Description
A value that is combined with the consumerKey and used by the consumer for identification to Salesforce. Referred to as client_secret in OAuth 2.0.
externalClientApplication
Field Type
string
Description

Required.

Name of the external client application.
idTokenConfig
Field Type
ExternalAppIdTokenConfig
Description
The settings for the ID token.
isClientCredentialsFlowEnabled
Field Type
boolean
Description
If set to true, the OAuth 2.0 client credentials flow is enabled. Available in API version 60.0 and later.
isCodeCredFlowEnabled
Field Type
boolean
Description
If set to true, the external client app can use the Authorization Code and Credentials Flow and its variations for headless login, passwordless login, and guest user identity services in an off-platform app. Headless registration isn’t currently supported for external client apps. The default value is false.

To use this field, the Authorization Code and Credentials Flow must be enabled for your org in OAuth and OpenID Connect settings.

Available in API version 61.0 and later.

isCodeCredPostOnly
Field Type
boolean
Description
If set to true, for the Authorization Code and Credentials Flow, the external client app is required to send the user’s credentials to the Salesforce services/oauth2/authorize endpoint in the body of a POST request. If set to false, the app can send a POST or GET request with the user’s credentials in the request body or in a Basic authorization header. The default value is false.

To use this field, the Authorization Code and Credentials Flow must be enabled for your external client app. Headless registration, a variation of this flow, isn’t currently supported for external client apps.

Available in API version 61.0 and later.

isConsumerSecretOptional
Field Type
boolean
Description
If set to false (default), the external app’s client secret is required in exchange for an access token in the OAuth 2.0 web server flow. If set to true, the external app’s client secret is optional.
isDeviceFlowEnabled
Field Type
boolean
Description
If set to true, the external client app can use the OAuth 2.0 device flow. Available in API version 60.0 and later.
isIntrospectAllTokens
Field Type
boolean
Description
If set to true, authorizes the external client app to introspect all access and refresh tokens. If set to false (default), the external client app can introspect only its own tokens.
isNamedUserJwtEnabled
Field Type
boolean
Description
If set to true, the external client app issues JSON Web Token (JWT)-based access tokens. If set to false, it issues opaque access tokens. The default value is false.

Available in API version 61.0 and later.

isPkceRequired
Field Type
boolean
Description
If set to true (default), Proof Key for Code Exchange (PKCE) is required for OAuth integration. If set to false, PKCE is optional.
isRefreshTokenRotationEnabled
Field Type
boolean
Description
If set to true, the refresh token rotation is enabled. Available in API version 60.0 and later.
isSecretRequiredForRefreshToken
Field Type
boolean
Description
If set to true (default), the app’s client secret is required in the authorization request of a refresh token and hybrid refresh token flow. If set to false and an app sends the client secret in the authorization request, Salesforce still validates it.
isSecretRequiredForTokenExchange
Field Type
boolean
Description
If set to true, the app’s client secret is required for token exchange. Available in API version 60.0 and later.
isTokenExchangeEnabled
Field Type
boolean
Description
If set to true, token exchange is enabled. Available in API version 60.0 and later.
label
Field Type
string
Description
External Client Application Global OAuth Settings name.
shouldRotateConsumerKey
Field Type
boolean
Description
If set to true, the OAuth external client app's consumer key is replaced with a newly generated key on metadata deploy. To maintain security, if this field is set to true, you must include the ignore warnings attribute in the deploy command. Default is false.
shouldRotateConsumerSecret
Field Type
boolean
Description
If set to true, the OAuth external client app’s consumer secret is replaced with a newly generated secret on metadata deploy. To maintain security, if this field is set to true, you must include the ignore warnings attribute in the deploy command. Default is false.

ExternalAppIdTokenConfig

Represents configurations that determine the ID token attributes.

Field Name Description
idTokenAudience
Field Type
string
Description
The audience that this ID token is intended for. The value is an array of case-sensitive strings. If no audiences are specified, the client_id of the relying party is returned as the default audience. Otherwise, the other audiences are returned with the client_id in the aud value.
idTokenIncludeAttributes
Field Type
boolean
Description
Indicates whether attributes are included in the ID token (true) or not (false).
idTokenIncludeStandardClaims
Field Type
boolean
Description
Indicates whether standard claims about the authentication event are included in the ID token (true) or not (false).
idTokenValidityInMinutes
Field Type
int
Description
The length of time that the ID token is valid for after it’s issued. The value can be 1–720 minutes. The default value is 2 minutes.

Declarative Metadata Sample Definition

This example shows an ExtlClntAppGlobalOauthSettings component. Note that it carries no consumerSecret; that value must not be added to source control.

<?xml version="1.0" encoding="UTF-8"?>
<ExtlClntAppGlobalOauthSettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <callbackUrl>https://www.example.com</callbackUrl>
    <externalClientApplication>myeca</externalClientApplication>
    <idTokenConfig>
        <idTokenAudience>SalesforceAudience</idTokenAudience>
        <idTokenIncludeStandardClaims>true</idTokenIncludeStandardClaims>
        <!-- Documented range is 1–720 minutes; 2 is the default. -->
        <idTokenValidityInMinutes>2</idTokenValidityInMinutes>
    </idTokenConfig>
    <isConsumerSecretOptional>false</isConsumerSecretOptional>
    <isIntrospectAllTokens>false</isIntrospectAllTokens>
    <isPkceRequired>true</isPkceRequired>
    <isSecretRequiredForRefreshToken>false</isSecretRequiredForRefreshToken>
    <label>myecaglobalset</label>
    <shouldRotateConsumerKey>false</shouldRotateConsumerKey>
    <shouldRotateConsumerSecret>false</shouldRotateConsumerSecret>
</ExtlClntAppGlobalOauthSettings>

This example package.xml references the previous definition.

<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
    <types>
        <members>*</members>
        <name>ExternalClientApplication</name>
    </types>
    <types>
        <members>*</members>
        <name>ExtlClntAppOauthSettings</name>
    </types>
    <types>
        <members>*</members>
        <name>ExtlClntAppGlobalOauthSettings</name>
    </types>
    <types>
        <members>*</members>
        <name>ExtlClntAppOauthConfigurablePolicies</name>
    </types>
    <types>
        <members>*</members>
        <name>ExtlClntAppConfigurablePolicies</name>
    </types>
    <version>60.0</version>
</Package>
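Because a .ecaGlblOauth file can carry consumerSecret and certificate material that must never reach source control, and because several of its toggles weaken the token endpoints when flipped, it is worth auditing the file before it is committed or deployed. The following Python script is an added example, not Salesforce code. It checks one document against the rules stated on this page: no consumerSecret or certificate element, isPkceRequired, isConsumerSecretOptional, isSecretRequiredForRefreshToken and isIntrospectAllTokens on their hardened values, an https callbackUrl, an idTokenValidityInMinutes within 1–720, and rotation flags that will replace the live credential on deploy. The two inline XML samples are constructed for this example; the function names and finding messages are assumptions.

```python
"""Pre-commit / pre-deploy audit for an ExtlClntAppGlobalOauthSettings file.

Added example, not Salesforce code. The rules below come from the field
descriptions on this page; the samples and messages are constructed here.
"""
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Elements that hold credential material and must not reach source control.
SECRET_ELEMENTS = ("consumerSecret", "certificate")

# Toggles and the value the page documents as the hardened choice.
HARDENED_VALUES = {
    "isPkceRequired": "true",
    "isConsumerSecretOptional": "false",
    "isSecretRequiredForRefreshToken": "true",
    "isIntrospectAllTokens": "false",
}

ROTATION_FLAGS = ("shouldRotateConsumerKey", "shouldRotateConsumerSecret")


def _text(parent, name):
    """Stripped text of a direct child element, or None if absent."""
    el = parent.find(f"md:{name}", NS)
    return None if el is None or el.text is None else el.text.strip()


def audit_global_oauth_settings(xml_text: str) -> list[str]:
    """Return findings for one .ecaGlblOauth document; [] means it passed."""
    root = ET.fromstring(xml_text)
    findings = []

    # 1. Secret material in a tracked file is a leaked credential.
    for name in SECRET_ELEMENTS:
        if root.find(f"md:{name}", NS) is not None:
            findings.append(f"{name} present: remove it before committing")

    # 2. Toggles that weaken the token endpoints when flipped.
    for name, want in HARDENED_VALUES.items():
        have = _text(root, name)
        if have is not None and have.lower() != want:
            findings.append(f"{name}={have}: expected {want}")

    # 3. The redirect_uri must be an absolute https URL.
    cb = _text(root, "callbackUrl")
    if cb is None or not cb.startswith("https://"):
        findings.append(f"callbackUrl={cb}: must be an https:// URL")

    # 4. ID token lifetime is documented as 1-720 minutes.
    cfg = root.find("md:idTokenConfig", NS)
    raw = _text(cfg, "idTokenValidityInMinutes") if cfg is not None else None
    if raw is not None:
        minutes = int(raw) if raw.isdigit() else -1
        if not 1 <= minutes <= 720:
            findings.append(f"idTokenValidityInMinutes={raw}: must be 1-720")

    # 5. Rotation replaces the live credential on deploy; surface it so the
    #    deploy is run with ignore-warnings deliberately, not by accident.
    for name in ROTATION_FLAGS:
        if (_text(root, name) or "").lower() == "true":
            findings.append(f"{name}=true: credential is rotated on deploy")

    return findings


# Constructed sample: secret committed and every toggle on its weak setting.
WEAK_SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<ExtlClntAppGlobalOauthSettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <callbackUrl>http://localhost/callback</callbackUrl>
    <consumerSecret>example-secret-do-not-commit</consumerSecret>
    <externalClientApplication>myeca</externalClientApplication>
    <idTokenConfig>
        <idTokenValidityInMinutes>0</idTokenValidityInMinutes>
    </idTokenConfig>
    <isConsumerSecretOptional>true</isConsumerSecretOptional>
    <isIntrospectAllTokens>true</isIntrospectAllTokens>
    <isPkceRequired>false</isPkceRequired>
    <isSecretRequiredForRefreshToken>false</isSecretRequiredForRefreshToken>
    <label>myecaglobalset</label>
    <shouldRotateConsumerSecret>true</shouldRotateConsumerSecret>
</ExtlClntAppGlobalOauthSettings>
"""

# Constructed sample: the hardened shape of the page's own definition.
HARDENED_SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<ExtlClntAppGlobalOauthSettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <callbackUrl>https://www.example.com/oauth/callback</callbackUrl>
    <externalClientApplication>myeca</externalClientApplication>
    <idTokenConfig>
        <idTokenAudience>SalesforceAudience</idTokenAudience>
        <idTokenIncludeStandardClaims>true</idTokenIncludeStandardClaims>
        <idTokenValidityInMinutes>2</idTokenValidityInMinutes>
    </idTokenConfig>
    <isConsumerSecretOptional>false</isConsumerSecretOptional>
    <isIntrospectAllTokens>false</isIntrospectAllTokens>
    <isPkceRequired>true</isPkceRequired>
    <isSecretRequiredForRefreshToken>true</isSecretRequiredForRefreshToken>
    <label>myecaglobalset</label>
    <shouldRotateConsumerKey>false</shouldRotateConsumerKey>
    <shouldRotateConsumerSecret>false</shouldRotateConsumerSecret>
</ExtlClntAppGlobalOauthSettings>
"""

if __name__ == "__main__":
    for label, doc in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        found = audit_global_oauth_settings(doc)
        print(f"{label}: {'PASS' if not found else 'FAIL'}")
        for f in found:
            print("  -", f)
```

Run it over every *.ecaGlblOauth-meta.xml staged for commit and fail the commit on any finding. The secret check is the one that matters most: a consumerSecret that has been pushed once must be treated as disclosed and rotated with shouldRotateConsumerSecret, which is why the script also surfaces the rotation flags rather than silently allowing them.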

Wildcard Support in the Manifest File

This metadata type supports the wildcard character * (asterisk) in the package.xml manifest file. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.