Metadata API Developer Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Introduction to Metadata API
Using Metadata API
Reference
File-Based Calls
CRUD-Based Calls
Utility Calls
Result Objects
Metadata Types
Metadata Components and Types
Metadata Coverage Report
Unsupported Metadata Types
Special Behavior in Metadata API Deployments
Data Cloud Metadata Types
AccountRelationshipShareRule
AccountingFieldMapping
AccountingModelConfig
ActionLinkGroupTemplate
ActionPlanTemplate
ActionableListDefinition
AdvAccountForecastSet
AffinityScoreDefinition
AIApplication
AIApplicationConfig
AIScoringModelDefinition
AIUsecaseDefinition
AnalyticSnapshot
AnimationRule
ArticleType
ApexClass
ApexComponent
ApexEmailNotifications
ApexPage
ApexTestSuite
ApexTrigger
AppMenu
AppointmentAssignmentPolicy
AppointmentSchedulingPolicy
ApprovalProcess
AssignmentRules
AssessmentQuestion
AssessmentQuestionSet
Audience
AuraDefinitionBundle
AuthProvider
AutoResponseRules
BatchCalcJobDefinition
BatchProcessJobDefinition
BillingSettings
BlacklistedConsumer
Bot
BotBlock
BotTemplate
BotVersion
BrandingSet
BriefcaseDefinition
BusinessProcessGroup
CallCenter
CallCoachingMediaProvider
CampaignInfluenceModel
CaseSubjectParticle
CareBenefitVerifySettings
CareLimitType
CareSystemFieldMapping
CareProviderSearchConfig
CareRequestConfiguration
Certificate
ChatterExtension
ChoiceList
ClaimFinancialSettings
ClauseCatgConfiguration
CleanDataService
CMSConnectSource
Community (Zone)
CommerceSettings
CommunityTemplateDefinition
CommunityThemeDefinition
ConnectedApp
ContentAsset
ContextDefinition
ConversationMessageDefinition
ConversationVendorInfo
CorsWhitelistOrigin
CspTrustedSite
CustomApplication
CustomApplicationComponent
CustomFeedFilter
CustomFieldDisplay
CustomHelpMenuSection
CustomIndex
CustomLabels
Custom Metadata Types (CustomObject)
CustomNotificationType
CustomObject
CustomObjectTranslation
CustomPageWebLink
CustomPermission
CustomSite
CustomTab
CustomValue
Dashboard
DataCategoryGroup
DataObjectSearchIndexConf
DataWeaveResource
DecisionTable
DecisionTableDatasetLink
DecisionMatrixDefinition
DelegateGroup
DigitalExperienceBundle
DigitalExperienceConfig
DisclosureDefinition
DisclosureDefinitionVersion
DisclosureType
DiscoveryAIModel
DiscoveryGoal
DiscoveryStory
Document
DocumentCategory
DocumentCategoryDocumentType
DocumentChecklistSettings
DocumentType
DuplicateRule
EclairGeoData
EmailServicesFunction
EmailTemplate
EmbeddedServiceBranding
EmbeddedServiceConfig
EmbeddedServiceFieldService
EmbeddedServiceFlowConfig
EmbeddedServiceLiveAgent
EmbeddedServiceMenuSettings
EnablementMeasureDefinition
EnablementProgramDefinition
EnblProgramTaskSubCategory
EntitlementProcess
EntitlementTemplate
EscalationRules
EventDelivery
EventRelayConfig
EventSubscription
ExperienceBundle
ExperiencePropertyTypeBundle (Beta)
ExplainabilityMsgTemplate
ExpressionSetDefinition
ExpressionSetMessageToken
ExpressionSetObjectAlias
ExternalAuthIdentityProvider
ExternalClientApplication
ExternalCredential
ExternalAIModel
ExternalServiceRegistration
ExtlClntAppConfigurablePolicies
ExtlClntAppGlobalOauthSettings
ExtlClntAppOauthConfigurablePolicies
ExtlClntAppOauthSettings
ExtlClntAppSamlConfigurablePolicies
FeatureParameterBoolean
FeatureParameterDate
FeatureParameterInteger
FieldRestrictionRule
FlexiPage
Flow
FlowCategory
FlowDefinition
FlowTest
Folder
ForecastingFilter
ForecastingFilterCondition
ForecastingSourceDefinition
ForecastingType
ForecastingTypeSource
FuelType
FuelTypeSustnUom
FunctionReference
FundraisingConfig
GatewayProviderPaymentMethodType
GenAiFunction
GenAiPlanner
GenAiPlugin
GenAiPluginInstructionDef
GenAiPromptTemplate
GenAiPromptTemplateActv
GlobalPicklist
GlobalPicklistValue
GlobalValueSet
GlobalValueSetTranslation
Group
HomePageComponent
HomePageLayout
IdentityVerificationProcDef
IdentityVerificationProcDtl
IdentityVerificationProcFld
InboundCertificate
InboundNetworkConnection
IndustriesPricingSettings
IndustriesRatingSettings
InstalledPackage
IntegrationProviderDef
IPAddressRange
KeywordList
Layout
LearningItemType
Letterhead
LightningBolt
LightningComponentBundle
LightningExperienceTheme
LightningMessageChannel
LightningOnboardingConfig
LiveChatAgentConfig
LiveChatButton
LiveChatDeployment
LiveChatSensitiveDataRule
LoyaltyProgramSetup
ManagedContentType
ManagedEventSubscription (Beta)
ManagedTopics
MarketingAppExtension
MatchingRule
MessagingChannel
Metadata
MetadataWithContent
MfgProgramTemplate
MilestoneType
MlDomain
MLDataDefinition
MLPredictionDefinition
MobileApplicationDetail
MobileSecurityAssignment
MobileSecurityPolicy
MobSecurityCertPinConfig
ModerationRule
MutingPermissionSet
MyDomainDiscoverableLogin
NamedCredential
NavigationMenu
Network
NetworkBranding
NotificationTypeConfig
OauthCustomScope
OauthTokenExchangeHandler
OcrSampleDocument
OcrTemplate
OmniExtTrackingDef
OmniScript
OmniSupervisorConfig
OmniTrackingGroup
OutboundNetworkConnection
Package
ParticipantRole
PathAssistant
PaymentGatewayProvider
PermissionSet
PermissionSetGroup
PermissionSetLicenseDefinition (Developer Preview)
PersonAccountOwnerPowerUser
PipelineInspMetricConfig
PlatformCachePartition
PlatformEventChannel
PlatformEventChannelMember
PlatformEventSubscriberConfig
Portal
PortalDelegablePermissionSet
PostTemplate
ProductAttributeSet
PresenceDeclineReason
PresenceUserConfig
PricingActionParameters
PricingRecipe
Profile
ProfileActionOverride
ProfilePasswordPolicy
ProfileSessionSetting
Prompt
PublicKeyCertificate
PublicKeyCertificateSet
Queue
QueueRoutingConfig
QuickAction
RedirectWhitelistUrl
RecommendationStrategy
RecordActionDeployment
RecordAggregationDefinition
RecordAlertCategory
RegisteredExternalService
ReferencedDashboard
RelatedRecordAssocCriteria
RelationshipGraphDefinition
RemoteSiteSetting
Report
ReportType
RestrictionRule
Role
RoleOrTerritory
SalesWorkQueueSettings
SamlSsoConfig
SchedulingObjective
SchedulingRule
Scontrol
SearchCustomization
SearchOrgWideObjectConfig
ServiceAISetupDefinition
ServiceAISetupField
ServiceChannel
ServicePresenceStatus
ServiceProcess
Settings
SharedTo
SharingBaseRule
SharingRules
SharingSet
SiteDotCom
Skill
StandardValueSet
StandardValueSetTranslation
StaticResource
SustainabilityUom
SustnUomConversion
SvcCatalogCategory
SvcCatalogFulfillmentFlow
SvcCatalogItemDef
SynonymDictionary
Territory
Territory2
Territory2Model
Territory2Rule
Territory2Type
TimelineObjectDefinition
TimeSheetTemplate
TopicsForObjects
TransactionSecurityPolicy
Translations
UiFormatSpecificationSet
UIObjectRelationConfig
UserAccessPolicy
UserAuthCertificate
UserCriteria
UserProfileSearchScope
UserProvisioningConfig
VirtualVisitConfig
WaveAnalyticAssetCollection
WaveApplication
WaveComponent
WaveDataflow
WaveDashboard
WaveDataset
WaveLens
WaveRecipe
WaveTemplateBundle
WaveXmd
WebStoreBundle
WebStoreTemplate
Workflow
WorkSkillRouting
Headers
Appendices
PDF

Certificate

Represents a certificate used for digital signatures that verify that requests are coming from your org. Certificates are used for either authenticated single sign-on with an external website, or when using your org as an identity provider. This type extends the Metadata With Content metadata type and inherits its content and fullName fields.

Where possible, we changed noninclusive terms to align with our company value of Equality. We maintained certain terms to avoid any effect on customer implementations.

Important

File Suffix and Directory Location

Certificate components have the suffix .crt and are stored in the certs folder.

Version

Certificate components are available in API version 36.0 and later.

Fields

Field Name Field Type Description
caSigned boolean Required. Indicates whether this certificate is signed by the issuer (true) or not (false).
encryptedWithPlatformEncryption boolean Indicates whether this certificate is encrypted with Platform Encryption.
expirationDate dateTime The date that this certificate expires and is no longer usable. For self-signed certificates, if keySize is 2048 bits, the expiration date is automatically 1 year after you create the certificate. If keySize is 4096 bits, the expiration date is automatically 2 years after you create the certificate. For CA-signed certificates, expirationDate is automatically updated to the signed certificate’s expiration date when a signed certificate chain is uploaded. The date format is YYYY-MM-DD.
keySize int Certificate keys can be either 2048 bits or 4096 bits. A certificate with 4096-bit keys lasts 2 years, and a certificate with 2048-bit keys lasts 1 year. Certificates with 2048-bit keys are faster than certificates with 4096-bit keys. If keySize isn’t specified when you create a certificate, the key size defaults to 2048 bits.
masterLabel string Required. A user-friendly name for the certificate that appears in the Salesforce user interface, such as in Certificate and Key Management. Limit: 64 characters.
privateKeyExportable boolean Indicates whether this certificate’s private key is exportable. If privateKeyExportable isn’t specified when you create a certificate, its default value is true.

Usage

The Metadata API can be used to create a self-signed or a CA-signed certificate. The .crt file’s contents are the certificate chain, which can be updated when you renew or update the intermediate certificate chain of a CA-signed certificate. After creating a CA-signed certificate, the .crt file contains a certificate signing request (CSR). For details, see About Salesforce Certificates and Keys in Salesforce Help.

To copy an existing certificate’s X.509 parameter data to a new certificate, upload the existing certificate. You can also use this procedure to renew a certificate. A new private+public key pair is created with a new certificate. Salesforce doesn’t allow the import or export of the private key via the API.

Using the Metadata API, you can download a CSR. After it’s CA-signed, you can upload it back to Salesforce.

After the signed certificate chain is uploaded via the Metadata API, the CSR of that certificate can’t be downloaded via the API anymore. The content of the .crt file is the signed certificate chain. However, the CSR can still be downloaded via the UI.

  • Downloading a CSR—The CSR is downloadable after a CA-signed cert is created. If a signed certificate hasn’t been uploaded to that certificate, the content of the downloaded .crt file is the CSR.
  • Uploading a CA-Signed Certificate—To upload the signed certificate chain back to Salesforce, save the signed certificate chain as the content of the .crt file and update it via the Metadata API.

Wildcard Support in the Manifest File

This metadata type supports the wildcard character * (asterisk) in the package.xml manifest file. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.