Product Advisory on login() API retirement
Salesforce has announced a critical change to its security posture that impacts all third-party applications and integrations, including those utilizing Boomi’s Salesforce Connector. As part of its initiative to adopt a secure-by-default posture, Salesforce is retiring the legacy SOAP API login() operation, a method that allows external applications to authenticate by passing a user's plain-text username and password in the request body.
This change mandates that all external applications authenticate using the more secure External Client Apps and OAuth 2.0 flows.
To ensure a seamless transition for our customers, our product team is enhancing the Salesforce Connector to support OAuth 2.0 authentication.
Frequently Asked Questions (FAQ)
1. What is changing and why?
| Detail | Description |
|---|---|
| Current Method (Retiring in 2027) | SOAP API login() operation (used in API versions 31.0 through 64.0). |
| New Required Method | External Client Apps and OAuth 2.0 (Salesforce recommends the OAuth Client Credentials Flow or the OAuth Web Server Flow). |
| Reason for Change | To enhance security and comply with Salesforce's secure-by-default posture for authenticating external applications in the current threat landscape. |
2. What is the key deadline?
Salesforce will permanently end support for and retire the SOAP API login() operation with the Salesforce Summer '27 release.
After the Summer '27 release, any existing integration using the legacy SOAP API login() will fail to authenticate, and all subsequent API calls will fail.
3. What is the plan for the updated Salesforce Connector?
Release Timeline: We plan to release an updated version of the Salesforce Connector with the required OAuth support in 2026.
4. Is the Salesforce REST Connector a viable alternative to the Salesforce Connector?
Yes, the Salesforce REST Connector is a fully supported alternative that already uses the OAuth 2.0 authentication method and is not affected by the SOAP API login() retirement. If you need to immediately transition mission-critical integrations to a secure platform ahead of the 2026 SOAP Connector update, migrating to the REST Connector is a viable option.
We understand that mandatory connector updates can impact your business, and we are committed to making this transition as smooth as possible.
We strongly urge you to begin identifying and auditing all integrations using the Salesforce SOAP Connector today. We will release comprehensive documentation and updated connector availability announcements well in advance of the Salesforce retirement.
For more information, see SOAP API login() Retirement - Salesforce Help.
