
          Configure Experience Cloud Settings for Headless Registration

          Before you set up the Headless Registration Flow, configure settings to control security and access for your app.

          Required Editions

          Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
          Available in: Enterprise, Unlimited, and Developer Editions

          Before you configure your Experience Cloud settings, complete these tasks.

          Depending on your use case, there are a few considerations before you configure these settings.

          For security, you must configure Salesforce to require either authentication or reCAPTCHA when your app submits user information to the Headless Registration API. If you’re implementing the flow with a private client (also known as a web app with a backing server), we recommend that you always require authentication. With this requirement, when your app submits user information to the headless registration endpoint, you must include an access token issued to an integration user. To get the access token, use an internal integration user to complete an OAuth flow integrated with Salesforce, like the OAuth 2.0 web server flow. Make sure that you include the user_registration_api scope when you complete this flow, either by configuring it on your connected app or passing it as a parameter. Save the access token from your response.

          If you’re using the flow with a public client (also known as a single-page app), we recommend that you always require reCAPTCHA. With this requirement, you must include a reCAPTCHA token in POST requests when your app submits user information to the Headless Registration API. To get a reCAPTCHA token, implement reCAPTCHA on your third-party app. For more information, see the reCAPTCHA documentation provided by Google.

          We recommend that you never require authentication for public clients because they can’t keep the access token secret.

          To expand your email template options for the one-time password (OTP) email sent to end users during the flow, opt in to email template allowlisting and create an allowlist with custom templates. See Use Multiple Email Templates for Headless Flows.

          1. From Setup, in the Quick Find box, enter Sites, and then select All Sites.
          2. To access Experience Workspaces, next to your site name, click Workspaces.
          3. Select Administration, and then select Login & Registration.
          4. From the Administration workspace, select Login & Registration.
          5. Under Headless Identity Configuration, select Allow self-registration via the Headless Registration API.
          6. To require an access token when your app submits user information to the Headless Registration API, select Require authentication to access this API.
            If you select this option, you must include an access token issued to an internal integration user in your POST request to the init/registration endpoint. Include the access token in a Basic authorization header. The access token must contain the user_registration_api scope.
          7. To require a reCAPTCHA token when your app submits user information to the Headless Registration API, select Require reCAPTCHA to access this API.
            If you select this option, you must include a reCAPTCHA token in your POST request to the init/registration endpoint. If you’re implementing headless registration with a public client, select this setting.
          8. For Default Profile, select the profile that you want to assign to new users when they register.
          9. For Registration Handler, click Lookup, and then select an Apex class that implements the HeadlessRegistrationHandler interface. Or, to automatically create a template, select Create a headless registration handler template. The template is created when you save your changes. Edit its default content from Apex Classes in Setup.
            For more information about creating a headless registration handler or editing the default handler, see HeadlessSelfRegistrationHandler Interface in the Apex Reference Guide.
          10. For Run As, select an execution user for the registration handler.
          11. If you selected Require reCAPTCHA to access this API, configure reCAPTCHA settings.
            1. For Secret Key, enter the key from your reCAPTCHA API key pair.
            2. For Score Threshold, enter a threshold value between 0.5 and 1.
              If you’re using reCAPTCHA v3, this value determines the score that you accept. Scores closer to 0.5 are more likely to be bots, while scores closer to 1 are more likely to be valid users. For more information, see the reCAPTCHA v3 documentation.
            Note: If you require reCAPTCHA for other Headless Identity flows, like forgot password and passwordless login, these settings also apply.
          12. Save your settings.
          13. Optionally, configure an email template. If you created an email template allowlist, Salesforce defaults to this email template if you don’t include an emailtemplate parameter in your request.
            1. From the Administration workspace, select Emails.
            2. For One-Time Password for Headless Registration, click Lookup.
            3. In the popup window that appears, select Experience Cloud: One-Time Password Email for Headless Registration Verification.
            4. Save your changes.
            5. To customize the email, edit its default content.

          Configure the Headless Registration Flow using the instructions for your app type.
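
As an added example (not Salesforce code), the recommendations above can be turned into a pre-deployment check for a planned setup. The setting keys, the `audit_headless_registration` function and the sample values are hypothetical, and the scope check assumes the OAuth token response includes a space-delimited `scope` field.

```python
# Added example: audit a planned Headless Registration setup against this page.
# Dict keys are hypothetical labels, not Salesforce metadata field names.
REQUIRED_SCOPE = "user_registration_api"


def audit_headless_registration(client_type, settings, token_response=None):
    """Return a list of findings; an empty list means the setup matches the page."""
    findings = []
    require_auth = settings.get("require_authentication", False)
    require_captcha = settings.get("require_recaptcha", False)

    # At least one gate must protect the registration endpoint.
    if not (require_auth or require_captcha):
        findings.append("no gate: require authentication or reCAPTCHA")

    if client_type == "public":
        # A single-page app cannot keep an access token secret.
        if require_auth:
            findings.append("public client: do not require authentication")
        if not require_captcha:
            findings.append("public client: require reCAPTCHA")
    elif client_type == "private":
        if not require_auth:
            findings.append("private client: require authentication")
    else:
        findings.append(f"unknown client type: {client_type!r}")

    if require_captcha:
        threshold = settings.get("score_threshold")
        if not isinstance(threshold, (int, float)) or not 0.5 <= threshold <= 1:
            findings.append("reCAPTCHA score threshold must be between 0.5 and 1")
        if not settings.get("secret_key_configured", False):
            findings.append("reCAPTCHA secret key is not configured")

    if require_auth:
        # Assumption: granted scopes arrive as a space-delimited "scope" string.
        granted = (token_response or {}).get("scope", "").split()
        if REQUIRED_SCOPE not in granted:
            findings.append(f"integration user token lacks {REQUIRED_SCOPE} scope")
    return findings


# Constructed sample: a single-page app whose score threshold is out of range.
SPA_SETTINGS = {"require_recaptcha": True, "score_threshold": 0.3,
                "secret_key_configured": True}

if __name__ == "__main__":
    for finding in audit_headless_registration("public", SPA_SETTINGS):
        print("FINDING:", finding)
```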

           