How to Create Transaction Security Policy via API?
Question:
I am trying to create a Transaction Security Policy using the Tooling API in Salesforce but am struggling to get the JSON content right. I’ve tried multiple variations, but each results in an error. For example, when I include the eventName field, I get a FIELD_INTEGRITY_EXCEPTION error. When I move eventName outside the Metadata field, I encounter a JSON_PARSER_ERROR.
From my research, I found the object structure in the Tooling WSDL, which provides a list of valid event names such as CredentialStuffingEventStore, ApiEvent, LoginEvent, etc. However, I still can’t figure out how to properly serialize the data and include all necessary fields. Could you provide an example of how to create a Transaction Security Policy using the REST API, or clarify what the correct JSON payload should look like?
Answer:
To create a Transaction Security Policy using the Tooling API, you must follow the correct structure for the TransactionSecurityPolicy object.
Boost your career with expert Salesforce training in Chicago—join our free demo and start your journey to certification today!
Below is an example of how the JSON payload should look:
{
"FullName": "SL_Credential_Stuffing_Ev",
"Metadata": {
"eventName": "CredentialStuffingEventStore",
"active": true,
"apexClass": "MyClass",
"action": {
"block": false,
"endSession": false,
"freezeUser": false,
"notifications": [
{
"inApp": false,
"sendEmail": false,
"user": "bill@salesforcex.com"
}
],
"twoFactorAuthentication": false
}
}
}Code explanation:
This JSON defines a Transaction Security Policy in Salesforce. The FullName field specifies the unique name for the policy, while the Metadata object contains the policy’s details. Within Metadata, the eventName indicates the event type (e.g., CredentialStuffingEventStore), active sets the policy status, and apexClass references the Apex class for custom logic. The action field outlines the responses, such as blocking actions, ending sessions, freezing users, or sending notifications, all configured in the nested structure.
Common Errors and Fixes
- Missing Required Field –
eventName:
EnsureeventNameis included underMetadataand matches one of the valid values from the Tooling WSDL. Example values:ReportEvent,ApiEvent,LoginEvent, etc. - JSON_PARSER_ERROR:
This occurs if the structure is not properly nested or if a value is incorrectly formatted. Double-check the field placement and ensure JSON is valid. - FIELD_INTEGRITY_EXCEPTION:
This happens when a required field is missing or when an unsupported field is included. Make sure only the allowed fields are present underMetadata.
If you continue to encounter issues, validate the JSON structure against the Tooling WSDL for TransactionSecurityPolicy and ensure all required fields are serialized correctly. Use tools like Postman or Salesforce Workbench to test your payloads interactively.
Transform Your Career with Salesforce Training in Chicago
Accelerate your professional growth with our industry-recognized Salesforce training program in Chicago. Perfect for beginners and experienced professionals, this program provides in-depth knowledge of Salesforce CRM, hands-on project experience, and step-by-step guidance to ace certifications like Salesforce Administrator and Developer. With a job-focused curriculum and real-world applications, you’ll gain the skills and confidence needed to excel in the Salesforce ecosystem and achieve new career milestones.
Our Salesforce training prioritizes practical, Salesforce training in Chicago industry-relevant learning through personalized mentorship, comprehensive course materials, and real-time support for certification and interview preparation. Whether you’re starting your Salesforce journey or looking to upskill, our expert trainers will guide you every step of the way, helping you unlock your potential and stand out in a competitive job market.
Take the first step toward a thriving Salesforce career—join our free demo session today!!!
