Lightning Aura Components Developer Guide
jSummer '26 (API version 67.0)
Spring '26 (API version 66.0)
Winter '26 (API version 65.0)
Summer '25 (API version 64.0)
Spring '25 (API version 63.0)
Winter '25 (API version 62.0)
Summer '24 (API version 61.0)
Spring '24 (API version 60.0)
Winter '24 (API version 59.0)
Summer '23 (API version 58.0)
Spring '23 (API version 57.0)
Winter '23 (API version 56.0)
Summer '22 (API version 55.0)
Spring '22 (API version 54.0)
Winter '22 (API version 53.0)
Summer '21 (API version 52.0)
Spring '21 (API version 51.0)
Winter '21 (API version 50.0)
Summer '20 (API version 49.0)
Spring '20 (API version 48.0)
Winter '20 (API version 47.0)
Summer '19 (API version 46.0)
Spring '19 (API version 45.0)
Winter '19 (API version 44.0)
Summer '18 (API version 43.0)
Spring '18 (API version 42.0)
Winter '18 (API version 41.0)
Summer '17 (API version 40.0)
Spring '17 (API version 39.0)
Winter '17 (API version 38.0)
Summer '16 (API version 37.0)
Spring '16 (API version 36.0)
Winter '16 (API version 35.0)
Summer '15 (API version 34.0)
Spring '15 (API version 33.0)
Winter '15 (API version 32.0)
Developing Secure Code
Apex Server-Side Controller Overview
AuraEnabled Annotation
Creating an Apex Server-Side Controller
Using Apex to Work with Salesforce Records
Granting User Access for Apex Classes
Securing Data in Apex Controllers
Abortable Actions
Action Limits and Considerations
Testing Your Apex Code
Making API Calls from Apex
Creating Components in Apex
Testing Components
Creating Server-Side Logic with Controllers
The framework supports client-side (JavaScript) and server-side (Apex) controllers. An
event is always wired to a client-side controller action, which can in turn call an Apex
controller action. For example, a client-side controller
might handle an event and call an Apex controller action to persist a record.
Server-side actions make a round trip from the client to the server and back again, so they usually complete more slowly than client-side actions.
For more details on the process of calling a server-side action, see Calling a Server-Side Action.
-
Apex Server-Side Controller Overview
Create a server-side controller in Apex and use the @AuraEnabled annotation to enable access to the controller method. -
AuraEnabled Annotation
The AuraEnabled annotation enables Lightning components to access Apex methods and properties. -
Creating an Apex Server-Side Controller
Use the Developer Console to create an Apex server-side controller. -
Using Apex to Work with Salesforce Records
Use Apex only if you need to customize your user interface to do more than what Lightning Data Service allows, such as using a SOQL query to select certain records. Apex provisions data that’s not managed and you must handle data refresh on your own. -
Granting User Access for Apex Classes
An authenticated or guest user can access an @AuraEnabled Apex method only when the user’s profile or an assigned permission set allows access to the Apex class. -
Securing Data in Apex Controllers
By default, Apex runs in system mode, which means that it runs with substantially elevated permissions, acting as if the user had most permissions and all field- and object-level access granted. Because these security layers aren’t enforced like they are in the Salesforce UI, you must write code to enforce them. Otherwise, your components may inadvertently expose sensitive data that would normally be hidden from users in the Salesforce UI. -
Calling a Server-Side Action
Call a server-side controller action from a client-side controller. In the client-side controller, you set a callback, which is called after the server-side action is completed. A server-side action can return any object containing serializable JSON data. -
Queuing of Server-Side Actions
The framework queues up actions before sending them to the server. Actions are grouped together into batches, and then sent to the server together. This process enables the framework to reduce network traffic by batching multiple actions into fewer, more efficient requests. -
Storable Actions
Enhance your component’s performance by marking actions as storable (cacheable) to quickly show cached data from client-side storage without waiting for a server trip. If the cached data is stale, the framework retrieves the latest data from the server. Caching is especially beneficial for users on high latency, slow, or unreliable connections such as 3G networks. -
Abortable Actions
Mark an action as abortable to make it potentially abortable while it's queued to be sent to the server. An abortable action in the queue is not sent to the server if the component that created the action is no longer valid, that is cmp.isValid() == false. A component is automatically destroyed and marked invalid by the framework when it is unrendered. -
Action Limits and Considerations
Keep the following limits and other considerations in mind when using server-side actions.