Create an App

The ability to create legacy packages was deprecated in August 2019. All new packages are enhanced packages.

A Marketing Cloud Engagement app is an externally hosted app that is iframed into the web interface. Apps include custom apps built by your organization or apps installed from AppExchange. You launch an app via the app menu.

For a legacy package, Marketing Cloud Engagement posts a JSON Web Token (JWT) to your externally hosted app so that it can acquire access tokens on behalf of logged-in users. After you know the hosted endpoint for your app, you must register the endpoint in an installed package.

An enhanced package doesn’t use a posted JWT. Instead, your externally hosted app must use a web app or public app OAuth 2.0 integration to acquire an access token. Use that access token to request information about the end user by calling the v2/userinfo REST endpoint.

  1. Create an installed package, or navigate to an existing package.

  2. Under Components, click Add Component.

  3. Select Marketing Cloud App.

  4. Enter a name and description for your app.

  5. (Legacy packages only) Check your SSO Claim Version. The decoded JWT includes a refreshToken only if your package has an API Integration component.

  6. Enter your app’s login, redirect, and logout URLs. Point to localhost or test locations first, if needed, and edit these values later. All URLs must be HTTPS (TLS).

    • Login – Marketing Cloud Engagement uses this endpoint to iframe your externally hosted app. Your app can show anything here. Your app must set a cookie at login. To retrieve information about the end user, ensure that, when your login endpoint is called, your externally hosted app immediately starts the OAuth 2.0 authorization code flow and then calls the v2/userinfo route. Legacy packages only: Marketing Cloud Engagement posts the JWT here.
    • Redirect – (Legacy packages only) A redirect is required as another endpoint that you can use to provide app information. The redirect endpoint is returned in the JWT payload, but Marketing Cloud Engagement doesn’t do anything with it.
    • Logout – Marketing Cloud Engagement performs a GET on the logout endpoint from the browser. This logout URL ends the user’s session and unsets the cookie set on login. When the user signs out, the app session also ends.
  7. Save the component.

  8. Sign out of Marketing Cloud Engagement, and then sign back in to see your app in the AppExchange menu.

For your app to load in an iframe, ensure that your app’s X-Frame-Options response header allows the domain.
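
The Login and Logout endpoint behavior from step 6 for an enhanced package, as an added example that is not Salesforce code: the login handler sets the cookie and starts the authorization code flow, the callback accepts the code only when `state` matches the cookie, and logout unsets the cookie. The tenant host, the `/v2/authorize` route, the client ID, the redirect URI and the cookie name are assumptions or placeholders; only `v2/userinfo` comes from this page.

```python
# Added example, not Salesforce code. Host, client ID, redirect URI and cookie
# name are placeholders; /v2/authorize is assumed as the authorization route.
import hmac
import secrets
from urllib.parse import urlencode, parse_qs

AUTH_BASE = "https://YOUR_SUBDOMAIN.auth.marketingcloudapis.com"  # placeholder tenant
CLIENT_ID = "YOUR_CLIENT_ID"                                      # placeholder
REDIRECT_URI = "https://app.example.com/oauth/callback"           # placeholder
COOKIE = "mc_app_session"                                         # hypothetical name

def cookie(name, value, max_age):
    # The app is loaded in a cross-site iframe, so browsers send the cookie only
    # if it is SameSite=None and Secure; HttpOnly keeps it away from page scripts.
    return f"{name}={value}; Max-Age={max_age}; Path=/; Secure; HttpOnly; SameSite=None"

def login():
    """Login URL: set a cookie and immediately start the authorization code flow."""
    state = secrets.token_urlsafe(32)  # unguessable value bound to this browser
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return 302, {"Location": f"{AUTH_BASE}/v2/authorize?{query}",
                 "Set-Cookie": cookie(COOKIE, state, 600)}

def callback(query_string, cookie_state):
    """OAuth redirect target: return the code only if state matches the cookie."""
    params = parse_qs(query_string)
    state = params.get("state", [""])[0]
    # Compare as bytes so a non-ASCII state from the request cannot raise.
    if not cookie_state or not hmac.compare_digest(state.encode(), cookie_state.encode()):
        return None  # missing or forged state: do not exchange the code
    return params.get("code", [None])[0]

def userinfo_request(access_token):
    """Request to send once the code has been exchanged (exchange not shown)."""
    return "GET", f"{AUTH_BASE}/v2/userinfo", {"Authorization": f"Bearer {access_token}"}

def logout():
    """Logout URL (a browser GET): unset the cookie that was set at login."""
    return 200, {"Set-Cookie": cookie(COOKIE, "", 0)}
```

In a real app the callback would replace the state cookie with a server-side session identifier after the token exchange succeeds.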