Loading
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Use Named Credential Formula Functions in Custom Headers

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Use Named Credential Formula Functions in Custom Headers

            Formula functions can be used in the value field of a custom header of a named credential or external credential.

            Required Editions

            Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
            Available in: all editions
            Note
            Note Not all Salesforce formula functions are supported for named and external credential custom headers. We recommend using these formula functions for authentication use cases.

            A binary large object (BLOB) is a collection of binary data stored as a single entity. For named credentials, BLOBs can store binary executable code used in custom header formulas. See Create and Edit Custom Headers.

            Formula fields can contain up to 3,900 characters, including spaces, return characters, and comments. If your formula requires more characters, create separate formula fields and reference them in another formula field. The maximum number of displayed characters after an evaluation of a formula expression is 1,300, which can truncate access tokens in custom headers.

            Formula Functions for Named Credentials
            Function Description
            BASE64DECODE(expr)
            Input
            String
            Output
            BlobValue
            Description
            Decode the Base64-encoded String expression to a binary.
            BASE64ENCODE(expr)
            Input
            BlobValue
            Output
            String
            Description
            Encode the binary BLOB expression as a Base64-encoded String.
            BLOB(expr)
            Input
            String
            Output
            BlobValue
            Description
            Convert the value to a UTF-8 binary BLOB.
            HASH(algorithm, expr)
            Input
            String, BlobValue
            Output
            BlobValue
            Description
            Given a binary value to hash, use algorithm to get the binary hash.
            The only supported hashing algorithm is SHA-256.
            HEX(expr)
            Input
            BlobValue
            Output
            String
            Description
            Represents the given BLOB expression as a base-16 lower-case encoded String. This hex encoding contains the binary data expected by encryption functions.
            HMAC(algorithm, valueToSign, secretSigningKey)
            Input
            String, BlobValue, BlobValue
            Output
            BlobValue
            Description
            Use algorithm to sign the given binary valueToSign with a binary secret signing key. The resulting message authentication code is a binary value.
            The only supported algorithm is SHA-256.
            SIGN(algorithmName, input, privateKey)
            Input
            String, BlobValue, BlobValue
            Output
            BlobValue
            Description
            Compute a unique digital signature for the input string using the specified algorithm and private key.
            Supported algorithms are RSA, RSA-SHA1, RSA-SHA256, RSA-SHA384, RSA-SHA512, ECDSA-SHA256, ECDSA-SHA256-PLAIN, ECDSA-SHA384, and ECDSA-SHA512.
            SIGN_WITH_CERTIFICATE(algorithmName, input, certDevName)
            Input
            String, BlobValue, String
            Output
            BlobValue
            Description
            Compute a unique digital signature for the input string using the specified algorithm and the unique name of a certificate in the Salesforce org.
            Supported algorithms are RSA, RSA-SHA1, RSA-SHA256, RSA-SHA384, RSA-SHA512, ECDSA-SHA256, ECDSA-SHA256-PLAIN, ECDSA-SHA384, and ECDSA-SHA512.

            Examples

            • This example shows encoding a username and password stored in an external credential. The BLOB function first converts a string of form username:password into a binary. BASE64ENCODE then converts the binary into an encoded string. myExternalCredential is the name of an external credential.

              BASE64ENCODE(BLOB($Credential.myExternalCredential.Username & ':' & $Credential.myExternalCredential.Password))

            • This example sets a header named X-Username with a base-16, SHA-256-hashed username as the value. req is an HTTPRequest. Username is an authentication parameter attached to a principal.

              req.setHeader('X-Username', '{!HEX(HASH(\'SHA-256\', BLOB($Credential.myExternalCredential.Username)))}');

            • This example sets the X-Body header as the base-16, hashed evaluated body, meaning that all formulas within the request body are evaluated. BLOB isn’t required here because $Credential.myExternalCredential.Body is returned as a BLOB type rather than as a String.

              req.setHeader('X-Body', '{!HEX(HASH(\'SHA-256\', $Credential.myExternalCredential.Body))}');

            See Also

             
            Loading
            Salesforce Help | Article