Apex Developer Guide
Summer '26 (API version 67.0)
Spring '26 (API version 66.0)
Winter '26 (API version 65.0)
Summer '25 (API version 64.0)
Spring '25 (API version 63.0)
Winter '25 (API version 62.0)
Summer '24 (API version 61.0)
Spring '24 (API version 60.0)
Winter '24 (API version 59.0)
Summer '23 (API version 58.0)
Spring '23 (API version 57.0)
Winter '23 (API version 56.0)
Summer '22 (API version 55.0)
Spring '22 (API version 54.0)
Winter '22 (API version 53.0)
Summer '21 (API version 52.0)
Spring '21 (API version 51.0)
Winter '21 (API version 50.0)
Summer '20 (API version 49.0)
Spring '20 (API version 48.0)
Winter '20 (API version 47.0)
Summer '19 (API version 46.0)
Spring '19 (API version 45.0)
Winter '19 (API version 44.0)
Summer '18 (API version 43.0)
Spring '18 (API version 42.0)
Winter '18 (API version 41.0)
Summer '17 (API version 40.0)
Spring '17 (API version 39.0)
Winter '17 (API version 38.0)
Summer '16 (API version 37.0)
Spring '16 (API version 36.0)
Winter '16 (API version 35.0)
Summer '15 (API version 34.0)
Spring '15 (API version 33.0)
Winter '15 (API version 32.0)
Spring '14 (API version 30.0)
Release Notes
Actions
Create a Custom Authentication Provider Plug-in
Token Exchange Handler Validation and Subject Mapping
Chatter Answers and Ideas
Moderate Chatter Private Messages with Triggers
Moderate Feed Items with Triggers
Experience Cloud Sites
External Services
Permission Set Groups
Support Classes
Territory Management 2.0
Apex Reference
Glossary
Newer Version Available
Authentication
Salesforce provides various ways to authenticate users. Build a combination of
authentication methods to fit the needs of your org and your users’ use
patterns.
-
Create a Custom Authentication Provider Plug-in
You can use Apex to create a custom OAuth-based authentication provider plug-in for single sign-on (SSO) to Salesforce. -
Token Exchange Handler Validation and Subject Mapping
When you have multiple apps and microservices serving data to an app—and a central identity provider authenticating users—the OAuth 2.0 token exchange flow simplifies your integrations. By exchanging a token from the identity provider for a Salesforce access token, you can give users access to their Salesforce data in your app without redesigning your integration pattern. During the token exchange flow, a user who is authenticated with the identity provider requests access to Salesforce data in your app. Because the user is already logged in, the app can pass the user’s tokens straight to Salesforce. Before Salesforce can grant its own tokens in return, it uses an Apex token exchange handler to validate the tokens from the identity provider and map them to a Salesforce user. To build your validation and subject mapping processes, create a class that extends the Auth.Oauth2TokenExchangeHandler Apex class. In addition to creating the token exchange handler Apex class, you must define an OauthTokenExchangeHandler metadata type.