Find your content:

Search form

You are here

Password & Security Token for external users


I'm using the Salesforce iOS SDK to connect to as the backend for an iOS app we are building. The problem is we need access to be transparent to the user. They shouldn't know that is the backend.

We need to use the old user/pass flow to login automatically in the background and are calling the SOAP API to get a session ID; however, unfortunately, when making an API call you must include a security token with your password if you are "external" to the organization. You must sign into to generate the security token. This is a no-go from within the app as ALL users will be "external" users.

We can't have them logging into to generate a token then return to the app.

Any ideas?

Attribution to: radesix

Possible Suggestion/Solution #1

You can remove the requirement for the security token based on IP address, either at the organization level or the Profile level. If all of the users of this app are the same Profile, add a Login IP Range (at the Profile, not Organizational level) that includes the IP addresses they will be using. You could even add the range through if you want. I would recommend making this range as narrow as possible, but with mobile apps that may not work out.

It almost goes without saying that if you do this you're disabling a big part of Salesforce security.

Attribution to: Jeremy Nottingham
This content is remixed from stackoverflow or stackexchange. Please visit

My Block Status

My Block Content