I'm using the Salesforce iOS SDK to connect to database.com as the backend for an iOS app we are building. The problem is we need database.com access to be transparent to the user. They shouldn't know that database.com is the backend.

We need to use the old user/pass flow to login automatically in the background and are calling the SOAP API to get a session ID; however, unfortunately, when making an API call you must include a security token with your password if you are "external" to the organization. You must sign into SF.com to generate the security token. This is a no-go from within the app as ALL users will be "external" users.

We can't have them logging into SF.com to generate a token then return to the app.

Any ideas?

Attribution to: radesix

Possible Suggestion/Solution #1

You can remove the requirement for the security token based on IP address, either at the organization level or the Profile level. If all of the users of this app are the same Profile, add a Login IP Range (at the Profile, not Organizational level) that includes the IP addresses they will be using. You could even add the range 1.0.0.0 through 255.255.255.255 if you want. I would recommend making this range as narrow as possible, but with mobile apps that may not work out.

It almost goes without saying that if you do this you're disabling a big part of Salesforce security.

Attribution to: Jeremy Nottingham
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/1530