Try Serpent Free

How to fix INVALID_CROSS_REFERENCE_KEY in Salesforce deployments

A deployed component references another record or field by an ID or API name that does not exist in the target org.

Surfaces during: both metadata deploy validation and runtime DML on record IDs

What it means

INVALID_CROSS_REFERENCE_KEY means Salesforce tried to resolve a reference inside your metadata, a record ID, a field API name, a page layout, a permission set assignment, and could not find a match in the target org. The reference itself may be perfectly valid in the org it came from; the problem is that the org receiving the deployment does not have a matching component yet, or never will.

It appears in two distinct contexts: at deploy time, when the Metadata API resolves a component reference, and at runtime, when Apex or the API passes a record ID that doesn't correspond to any record the running user can see in that org.

Diagnosis

Common causes

Hardcoded record ID from another org
A flow, approval process, or Apex class stores a record ID that only exists in the source sandbox, so the target org has nothing to match it to.
Dependency deployed out of order
A field, record type, or layout referenced by the component being deployed was not included in the same package or has not landed in the target org yet.
Stale or renamed API name
The component was renamed or its API name changed in one org but the reference pointing to it was never updated.

The fix

  1. Replace hardcoded IDs with lookups
    Swap any hardcoded 18 character record ID for a SOQL query, a Custom Metadata Type, or a Custom Setting so the reference resolves per org.
    Id defaultRecordTypeId = Schema.SObjectType.Case
        .getRecordTypeInfosByDeveloperName()
        .get('Support_Request')
        .getRecordTypeId();
  2. Bundle the full dependency chain
    Include every field, record type, and layout the component depends on in the same deployment, and deploy in dependency order.
  3. Verify the API name matches exactly
    Confirm the referenced component's API name in the target org is identical, including the __c suffix and object prefix.
In practice

How Serpent prevents this

Serpent AI maps the full dependency graph before a task ever reaches deploy, so a missing or renamed reference shows up as a scoping warning instead of a failed deployment. See the Salesforce deployment error library for related errors.

Metadata and data in one deployment flow in Serpent

Prevention

Ban hardcoded record IDs in code review
Treat any literal 15 or 18 character ID in Apex, Flow, or a formula as a review blocker; resolve references by API name, external ID, or Custom Metadata Type instead.
Deploy in explicit dependency order, not alphabetical or default order
Define an explicit deploy order for interdependent metadata rather than relying on the default order your tooling happens to produce.
Search for every reference before renaming an API name
Grep Apex, Flow, formulas, and layouts for a component's current API name before renaming it, so no stale reference is left behind.
Common questions

INVALID_CROSS_REFERENCE_KEY, answered

Does INVALID_CROSS_REFERENCE_KEY mean I lost data?
No. It means the deployment stopped before touching the target org, because a reference inside your metadata could not be resolved there.
Can sharing settings cause this error even when the record exists?
Yes. If the running user can't see a record due to sharing rules or org-wide defaults, Salesforce can treat it as unresolvable in the same way as a genuinely missing record.
Does this happen with standard fields, or only custom ones?
It can happen with either. A reference to a standard field or record that a target org's edition or configuration doesn't support resolves the same way as a missing custom component.

Start free. No credit card, no install, no commitment.

Set up in under 15 minutes. No DevOps hire needed.

Curious about faster shipping before you dive in? Let's talk

Commitment free!