External Services setup is two steps: create the Named Credential for authentication, then register the service against an OpenAPI spec. The service is then usable in any flow on the same org.
- Create the Named Credential
Setup, Named Credentials. New Named Credential. Configure URL, authentication type, and the External Credential (which stores the actual API key, OAuth token, or password). Named Credentials must exist before the External Service can reference them.
- Register the External Service
Setup, External Services. New External Service. Pick the Named Credential. Provide the OpenAPI spec by URL, paste, or file upload. Salesforce parses the spec and lists every operation. Pick which operations to expose as flow actions.
- Review the generated metadata
After save, Salesforce generates Apex wrapper classes named ExternalService_YourServiceName. Inspect them under Setup, Apex Classes. Do not edit; re-imports overwrite. The classes are deployable via change sets or DX.
- Use the actions in Flow
Flow Builder, add Action element. Filter to External Service. Pick the operation. Configure input parameters (path, query, body fields). Bind outputs to flow variables for downstream use.
- Handle errors
Add a Fault path on the Action element. The fault path receives a fault message variable with the response status and error body. Build a separate error-handling sub-flow that logs or escalates on integration failures.
Supports OpenAPI 2.0 (Swagger) and 3.0. Older Swagger 1.x specs need conversion before import. The spec source can be JSON or YAML.
Pick which operations from the spec to expose as flow actions. Limiting to relevant operations keeps the flow action picker clean and reduces generated metadata footprint.
Inherited from the Named Credential: OAuth (2.0 client credentials, JWT), API Key, Basic Auth, AWS Signature, Mutual TLS, custom. Switching auth requires editing the Named Credential, not the External Service.
Generated Apex types reflect the spec's response schemas. Strongly typed outputs let Flow bind fields directly without JSON parsing.
- Polymorphic response types (oneOf, anyOf) and certain auth flows (OAuth implicit, password grant) are not supported. Fall back to custom Apex for these cases.
- Generated classes are not editable; re-importing the spec replaces them. Custom modifications belong in a wrapper class, not the generated code.
- Multi-part file uploads and binary payloads are unsupported. APIs that require file upload need custom Apex callout code.
- The action picker in Flow shows every operation imported, even ones never used. Limit the import to relevant operations to keep the UI usable.
- Breaking spec changes cause re-import to fail compile. Treat the spec as a contract; major-version changes require coordinated migration of dependent flows.