Metadata API Developer Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Introduction to Metadata API
Using Metadata API
Reference
File-Based Calls
CRUD-Based Calls
Utility Calls
Result Objects
Metadata Types
Metadata Components and Types
Metadata Coverage Report
Unsupported Metadata Types
Special Behavior in Metadata API Deployments
Data Cloud Metadata Types
AccountRelationshipShareRule
AccountingFieldMapping
AccountingModelConfig
ActionLinkGroupTemplate
ActionPlanTemplate
ActionableListDefinition
AdvAccountForecastSet
AffinityScoreDefinition
AIApplication
AIApplicationConfig
AIScoringModelDefinition
AIUsecaseDefinition
AnalyticSnapshot
AnimationRule
ArticleType
ApexClass
ApexComponent
ApexEmailNotifications
ApexPage
ApexTestSuite
ApexTrigger
AppMenu
AppointmentAssignmentPolicy
AppointmentSchedulingPolicy
ApprovalProcess
AssignmentRules
AssessmentQuestion
AssessmentQuestionSet
Audience
AuraDefinitionBundle
AuthProvider
AutoResponseRules
BatchCalcJobDefinition
BatchProcessJobDefinition
BillingSettings
BlacklistedConsumer
Bot
BotBlock
BotTemplate
BotVersion
BrandingSet
BriefcaseDefinition
BusinessProcessGroup
CallCenter
CallCoachingMediaProvider
CampaignInfluenceModel
CaseSubjectParticle
CareBenefitVerifySettings
CareLimitType
CareSystemFieldMapping
CareProviderSearchConfig
CareRequestConfiguration
Certificate
ChatterExtension
ChoiceList
ClaimFinancialSettings
ClauseCatgConfiguration
CleanDataService
CMSConnectSource
Community (Zone)
CommerceSettings
CommunityTemplateDefinition
CommunityThemeDefinition
ConnectedApp
ContentAsset
ContextDefinition
ConversationMessageDefinition
ConversationVendorInfo
CorsWhitelistOrigin
CspTrustedSite
CustomApplication
CustomApplicationComponent
CustomFeedFilter
CustomFieldDisplay
CustomHelpMenuSection
CustomIndex
CustomLabels
Custom Metadata Types (CustomObject)
CustomNotificationType
CustomObject
CustomObjectTranslation
CustomPageWebLink
CustomPermission
CustomSite
CustomTab
CustomValue
Dashboard
DataCategoryGroup
DataObjectSearchIndexConf
DataWeaveResource
DecisionTable
DecisionTableDatasetLink
DecisionMatrixDefinition
DelegateGroup
DigitalExperienceBundle
DigitalExperienceConfig
DisclosureDefinition
DisclosureDefinitionVersion
DisclosureType
DiscoveryAIModel
DiscoveryGoal
DiscoveryStory
Document
DocumentCategory
DocumentCategoryDocumentType
DocumentChecklistSettings
DocumentType
DuplicateRule
EclairGeoData
EmailServicesFunction
EmailTemplate
EmbeddedServiceBranding
EmbeddedServiceConfig
EmbeddedServiceFieldService
EmbeddedServiceFlowConfig
EmbeddedServiceLiveAgent
EmbeddedServiceMenuSettings
EnablementMeasureDefinition
EnablementProgramDefinition
EnblProgramTaskSubCategory
EntitlementProcess
EntitlementTemplate
EscalationRules
EventDelivery
EventRelayConfig
EventSubscription
ExperienceBundle
ExperiencePropertyTypeBundle (Beta)
ExplainabilityMsgTemplate
ExpressionSetDefinition
ExpressionSetMessageToken
ExpressionSetObjectAlias
ExternalAuthIdentityProvider
ExternalClientApplication
ExternalCredential
ExternalAIModel
ExternalServiceRegistration
ExtlClntAppConfigurablePolicies
ExtlClntAppGlobalOauthSettings
ExtlClntAppOauthConfigurablePolicies
ExtlClntAppOauthSettings
ExtlClntAppSamlConfigurablePolicies
FeatureParameterBoolean
FeatureParameterDate
FeatureParameterInteger
FieldRestrictionRule
FlexiPage
Flow
FlowCategory
FlowDefinition
FlowTest
Folder
ForecastingFilter
ForecastingFilterCondition
ForecastingSourceDefinition
ForecastingType
ForecastingTypeSource
FuelType
FuelTypeSustnUom
FunctionReference
FundraisingConfig
GatewayProviderPaymentMethodType
GenAiFunction
GenAiPlanner
GenAiPlugin
GenAiPluginInstructionDef
GenAiPromptTemplate
GenAiPromptTemplateActv
GlobalPicklist
GlobalPicklistValue
GlobalValueSet
GlobalValueSetTranslation
Group
HomePageComponent
HomePageLayout
IdentityVerificationProcDef
IdentityVerificationProcDtl
IdentityVerificationProcFld
InboundCertificate
InboundNetworkConnection
IndustriesPricingSettings
IndustriesRatingSettings
InstalledPackage
IntegrationProviderDef
IPAddressRange
KeywordList
Layout
LearningItemType
Letterhead
LightningBolt
LightningComponentBundle
LightningExperienceTheme
LightningMessageChannel
LightningOnboardingConfig
LiveChatAgentConfig
LiveChatButton
LiveChatDeployment
LiveChatSensitiveDataRule
LoyaltyProgramSetup
ManagedContentType
ManagedEventSubscription (Beta)
ManagedTopics
MarketingAppExtension
MatchingRule
MessagingChannel
Metadata
MetadataWithContent
MfgProgramTemplate
MilestoneType
MlDomain
MLDataDefinition
MLPredictionDefinition
MobileApplicationDetail
MobileSecurityAssignment
MobileSecurityPolicy
MobSecurityCertPinConfig
ModerationRule
MutingPermissionSet
MyDomainDiscoverableLogin
NamedCredential
NavigationMenu
Network
NetworkBranding
NotificationTypeConfig
OauthCustomScope
OauthTokenExchangeHandler
OcrSampleDocument
OcrTemplate
OmniExtTrackingDef
OmniScript
OmniSupervisorConfig
OmniTrackingGroup
OutboundNetworkConnection
Package
ParticipantRole
PathAssistant
PaymentGatewayProvider
PermissionSet
PermissionSetGroup
PermissionSetLicenseDefinition (Developer Preview)
PersonAccountOwnerPowerUser
PipelineInspMetricConfig
PlatformCachePartition
PlatformEventChannel
PlatformEventChannelMember
PlatformEventSubscriberConfig
Portal
PortalDelegablePermissionSet
PostTemplate
ProductAttributeSet
PresenceDeclineReason
PresenceUserConfig
PricingActionParameters
PricingRecipe
Profile
ProfileActionOverride
ProfilePasswordPolicy
ProfileSessionSetting
Prompt
PublicKeyCertificate
PublicKeyCertificateSet
Queue
QueueRoutingConfig
QuickAction
RedirectWhitelistUrl
RecommendationStrategy
RecordActionDeployment
RecordAggregationDefinition
RecordAlertCategory
RegisteredExternalService
ReferencedDashboard
RelatedRecordAssocCriteria
RelationshipGraphDefinition
RemoteSiteSetting
Report
ReportType
RestrictionRule
Role
RoleOrTerritory
SalesWorkQueueSettings
SamlSsoConfig
SchedulingObjective
SchedulingRule
Scontrol
SearchCustomization
SearchOrgWideObjectConfig
ServiceAISetupDefinition
ServiceAISetupField
ServiceChannel
ServicePresenceStatus
ServiceProcess
Settings
SharedTo
SharingBaseRule
SharingRules
SharingSet
SiteDotCom
Skill
StandardValueSet
StandardValueSetTranslation
StaticResource
SustainabilityUom
SustnUomConversion
SvcCatalogCategory
SvcCatalogFulfillmentFlow
SvcCatalogItemDef
SynonymDictionary
Territory
Territory2
Territory2Model
Territory2Rule
Territory2Type
TimelineObjectDefinition
TimeSheetTemplate
TopicsForObjects
TransactionSecurityPolicy
Translations
UiFormatSpecificationSet
UIObjectRelationConfig
UserAccessPolicy
UserAuthCertificate
UserCriteria
UserProfileSearchScope
UserProvisioningConfig
VirtualVisitConfig
WaveAnalyticAssetCollection
WaveApplication
WaveComponent
WaveDataflow
WaveDashboard
WaveDataset
WaveLens
WaveRecipe
WaveTemplateBundle
WaveXmd
WebStoreBundle
WebStoreTemplate
Workflow
WorkSkillRouting
Headers
Appendices
PDF

ExternalCredential

Represents the details of how Salesforce authenticates to the external system.

All credentials stored within this entity are encrypted under a framework that is consistent with other encryption frameworks on the platform. Salesforce encrypts your credentials by auto-creating org-specific keys. Credentials encrypted using the previous encryption scheme have been migrated to the new framework.

Note

Parent Type

This type extends the Metadata metadata type and inherits its fullName field.

File Suffix and Directory Location

ExternalCredential components have the suffix .externalCredential and are stored in the externalCredentials folder.

Version

ExternalCredential components are available in API version 56.0 and later.

Special Access Rules

There are no additional access requirements that are specific to this type.

Fields

Field Name Description
authenticationProtocol
Field Type
AuthenticationProtocol (enumeration of type string)
Description

Required.

The authentication protocol that’s required to access the external system. Valid values are:

  • AwsSv4
  • Basic
  • Custom — User-created authentication. Specify the permission set, sequence number, and authentication parameters. Each authentication parameter requires a name and value.
  • Jwt — Reserved for future use
  • JwtExchange — Reserved for future use
  • NoAuthentication —Reserved for future use
  • Oauth
  • Password — Reserved for future use

For connections to Amazon Web Services using Signature Version 4, use AwsSv4.

For connections using a direct token system, select Jwt.

For Simple URL data sources, select Custom with no parameters.

For cloud-based Files Connect external systems, select Oauth. For on-premises systems, select Password.
description
Field Type
string
Description
A meaningful description of the external credential.
externalCredentialParameters
Field Type
ExternalCredentialParameter[]
Description
One or more sets of parameters that further configure the external credential.
label
Field Type
string
Description

Required.

Name of the external credential.

ExternalCredentialParameter

Represents the parameters that configure an external credential. External credential parameters are used to configure external credential callouts through a combination of the type, name, and value and lookup fields. Available in API version 56.0 and later.

These parameters are used internally to provide a flexible architecture and are exposed here for packaging reasons.

Field Name Description
authProvider
Field Type
string
Description
Reference to an authentication provider that the AuthProvider component represents, which defines the service that provides the login process and approves access to the external system.
certificate
Type
string
Description
If the value of parameterType is SigningCertificate, then this field references the certificate.
description
Field Type
string
Description
A human-readable description of this external credential parameter.
externalAuthIdentityProvider
Field Type
string
Description
Reference to an external authentication identity provider that the externalAuthIdentityProvider component represents. The externalAuthIdentityProvider defines the service that provides the login process and approves access to the external system.
To simplify the configuration process for the authentication providers used by your named credentials, use an externalAuthIdentityProvider instead of an authProvider. Link the external auth identity provider to an external credential.
parameterGroup
Field Type
string
Description
Groups a parameter along with its respective principal. For example, with dynamic scopes, the user can apply a scope AuthParameter only when authenticated against a specific principal with a matching parameterGroup value.

If a value for parameterGroup isn’t provided, parameterGroup defaults to the parameterName value for PER_USER and NAMED_PRINCIPAL. For all other parameters parameterGroup defaults to DEFAULT_GROUP.
parameterName
Field Type
string
Description

Required.

The name of the external credential parameter.
parameterType
Field Type
ExternalCredentialParamType (enumeration of type string)
Description

Required.

The type of external credential parameter. The value of this field drives the behavior of the parameter. Valid values are:
  • AdditionalRefreshStatusCode: Allows the user to specify 4xx, 6xx, 7xx, 8xx, and 9xx HTTP status codes that trigger Salesforce to refresh expired or invalid access tokens, in addition to the standard 401 HTTP status code response.
  • AuthHeader: Allows the user to specify custom authentication headers to be added to the callout at run time. When using AuthHeader, the parameterName field must be the header name as a string, and parameterValue must be a formula of a header value that is evaluated at run time. sequenceNumber determines the order in which headers are sent out in the callout. Headers with lower numbers are sent out first.
  • AuthParameter: Allows the user to add additional authentication settings. parameterName defines the parameter to set. For example, AwsRegion sets the AWS Region parameter to apply for an AWS Signature V4 authentication protocol and parameterValue is the value for the AWS Region.
  • AuthProtocolVariant: Used to specify a variant of an authentication protocol. For example, Aws Sts as a variant when the ParameterName is AwsSv4 and the ParameterValue is AwsSv4_STS.
  • AuthProvider: Specifies that this parameter configures an authentication provider referenced by the authProvider field.
  • AuthProviderUrl: Specifies the authentication endpoint URL. For example, if the authentication type is OAuth with JWT Bearer Flow, then parameterValue is an authentication token endpoint.
  • AuthProviderUrlQueryParameter: Allows the user to specify custom query parameters to be added to the callout to the authentication provider at run time. Currently, supported only for AWS Signature V4 with STS. The allowed AuthProviderUrlQueryParameter values are AwsExternalId and AwsDuration, used with AWS STS.
  • AwsStsPrincipal: Configures AWS Signature V4 along with STS. parameterName is AwsStsPrincipal and parameterValue isn’t specified.
  • CreatedByNamespace: Reserved for internal use.
  • ExternalAuthIdentityProvider: Specifies that this parameter configures an authentication provider referenced by the externalAuthIdentityProvider field.
  • GlobalNamedPrincipal: Reserved for internal use.
  • JwtBodyClaim: Specifies a JWT (JSON Web Token) body claim, where parameterName is the key and parameterValue is the value. For example, the parameter name for a JWT audience is aud.
  • JwtHeaderClaim: Specifies a JWT header claim, where parameterName is the key and parameterValue is the value. For example, the parameter name for a JWT key identifier is kid.
  • NamedPrincipal: Specifies that the parameter uses the same set of user credentials for all users who access the external system.
  • PerUserPrincipal: Provides access control at the individual user level.
  • SigningCertificate: Specifies the certificate used for an authentication signature. Use the certificate field to specify the certificate name. Used for OAuth with JWT Bearer Flow and AwsSv4 STS with RolesAnywhere authentication.
  • SystemUserPrincipal: Reserved for internal use.
parameterValue
Field Type
string
Description
If the parameterType field describes a literal value then the literal value is stored in this field.
principal
Field Type
string
Description
If the value of the parameterType field is either NamedPrincipal or PerUserPrincipal, this field points to a permission set. That value then determines the set of users that are allowed to use credentials provided by the credential provider. The value of the parameterName field specifies the name of this principal.

First available in API version 56.0, this field is removed in API version 58.0 and later.
sequenceNumber
Field Type
int
Description
Specifies the order of principals to apply when a user participates in more than one principal. For example, a user could be part of multiple permission sets that are applicable for a credential provider. Priority is from lower to higher numbers.

You can set this field only when parameterType is NamedPrincipal.

Declarative Metadata Sample Definition

The following is an example of an ExternalCredential component.

<ExternalCredential xmlns="http://soap.sforce.com/2006/04/metadata">
    <label>SampleExternalCredential</label>
    <authenticationProtocol>AwsSv4</authenticationProtocol>
    <externalCredentialParameters>
        <parameterName>Principal</parameterName>
        <parameterType>NamedPrincipal</parameterType>
        <sequenceNumber>1</sequenceNumber>
    </externalCredentialParameters>
    <externalCredentialParameters>
        <parameterName>AwsService</parameterName>
        <parameterValue>iam</parameterValue>
        <parameterType>AuthParameter</parameterType>
    </externalCredentialParameters>
    <externalCredentialParameters>
        <parameterName>AwsRegion</parameterName>
        <parameterValue>us-east-1</parameterValue>
        <parameterType>AuthParameter</parameterType>
    </externalCredentialParameters>
</ExternalCredential>

The following is an example package.xml that references the previous definition.

<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
    <types>
        <members>*</members>
        <name>ExternalCredential</name>
    </types>
    <version>56.0</version>
</Package>

Wildcard Support in the Manifest File

This metadata type supports the wildcard character * (asterisk) in the package.xml manifest file. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.