Named Credential Formula Functions

Formula functions can be used in the value field of a custom header of a named credential or external credential.

A Binary Large OBject (BLOB) is a collection of binary data stored as a single entity. For named credentials, BLOBs can store binary executable code used in custom header formulas.

FunctionDescription
BASE64DECODE(expr)
  • Input: String
  • Output: BlobValue
  • Description: Decode the Base64-encoded String expression to binary.
BASE64ENCODE(expr)
  • Input: BlobValue
  • Output: String
  • Description: Encode the binary BLOB expression as a Base64-encoded String.
BLOB(expr)
  • Input: String
  • Output: BlobValue
  • Description: Convert the value to a UTF-8 binary BLOB.
HASH(algorithm, expr)
  • Input: String, BlobValue
  • Output: BlobValue
  • Description: Given a binary value to hash, use algorithm to get the binary hash. The only supported hashing algorithm is SHA-256.
HEX(expr)
  • Input: BlobValue
  • Output: String
  • Description: Represents the given BLOB expression as a base-16 lower-case encoded String. This hex encoding contains the binary data expected by encryption functions.
HMAC(algorithm, valueToSign, secretSigningKey)
  • Input: String, BlobValue, BlobValue
  • Output: BlobValue<
    • li>Description: Use algorithm to sign the given binary valueToSign with a binary secret signing key. The resulting message authentication code is a binary value. The only supported algorithm is SHA-256.
  • This example shows encoding a username and password stored in an external credential. The BLOB function first converts a string of form username:password into a binary. BASE64ENCODE then converts the binary into an encoded string. myExternalCredential is the name of an external credential.
  • This example sets a header named X-Username with a base-16, SHA-256-hashed username as the value. req is an HTTPRequest. Username is an authentication parameter attached to a permission set mapping.
  • This example sets the X-Body header as the base-16, hashed evaluated body, meaning that all formulas within the request body are evaluated. BLOB isn’t required here because $Credential.myExternalCredential.Body is returned as a BLOB type, rather than as a String.