What Is the Feature?
Salesforce’s API Access Control allows administrators to restrict API calls for all users unless those calls are made through pre-authorized (allow-listed) connected apps. With this control:
• You can lock down access to Salesforce APIs across the board.
• Only users assigned via profiles or permission sets to approved connected apps will be permitted to access APIs.
• To enable this feature, you must request API Access Control from Salesforce Customer Support.
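The rule described above (API calls succeed only when made through an allow-listed connected app that the caller is assigned to via profile or permission set) can be modelled to estimate enforcement impact before the feature is switched on. The following is an added Python example, not Salesforce code and not a Salesforce API; the connected apps, users and login records are constructed sample data, and the record fields are assumptions about what a login-history export might contain, not a Salesforce schema.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of the policy described above. This illustrates the decision
# rule only; it is NOT Salesforce's implementation or API, and all names are made up.


@dataclass(frozen=True)
class ConnectedApp:
    """An allow-listed connected app and who is assigned to it."""
    name: str
    permitted_profiles: frozenset = frozenset()
    permitted_permission_sets: frozenset = frozenset()


@dataclass(frozen=True)
class User:
    username: str
    profile: str
    permission_sets: frozenset = frozenset()


@dataclass(frozen=True)
class ApiLogin:
    """One API login record (constructed; field names are assumptions)."""
    username: str
    application: str   # connected app the call was made through
    login_type: str    # e.g. an OAuth connected-app login


def api_call_allowed(user: User, app: Optional[ConnectedApp], enforce: bool) -> tuple[bool, str]:
    """Allow a call only via an allow-listed app the user is assigned to."""
    if not enforce:
        return True, "API Access Control not enforced"
    if app is None:
        return False, "connected app is not allow-listed"
    if user.profile in app.permitted_profiles:
        return True, f"assigned via profile '{user.profile}'"
    via_permset = user.permission_sets & app.permitted_permission_sets
    if via_permset:
        return True, f"assigned via permission set '{sorted(via_permset)[0]}'"
    return False, "user not assigned to connected app"


def enforcement_impact(logins, users, allow_list, enforce=True):
    """Evaluate each login; return (allowed, blocked) lists of (username, app, reason)."""
    allowed, blocked = [], []
    for rec in logins:
        user = users[rec.username]
        ok, reason = api_call_allowed(user, allow_list.get(rec.application), enforce)
        (allowed if ok else blocked).append((rec.username, rec.application, reason))
    return allowed, blocked


# --- constructed sample data ------------------------------------------------
ALLOW_LIST = {
    "Finance ETL": ConnectedApp("Finance ETL", permitted_profiles=frozenset({"Integration User"})),
    "Sales Mobile": ConnectedApp("Sales Mobile", permitted_permission_sets=frozenset({"Mobile API Access"})),
}

USERS = {
    "etl@example.com": User("etl@example.com", "Integration User"),
    "rep@example.com": User("rep@example.com", "Standard User", frozenset({"Mobile API Access"})),
    "intern@example.com": User("intern@example.com", "Standard User"),
}

# Constructed API login records, as an admin might export from a login history report.
LOGINS = [
    ApiLogin("etl@example.com", "Finance ETL", "Remote Access 2.0"),
    ApiLogin("rep@example.com", "Sales Mobile", "Remote Access 2.0"),
    ApiLogin("intern@example.com", "Sales Mobile", "Remote Access 2.0"),    # not assigned
    ApiLogin("rep@example.com", "Legacy Data Loader", "Remote Access 2.0"),  # app not allow-listed
]


if __name__ == "__main__":
    allowed, blocked = enforcement_impact(LOGINS, USERS, ALLOW_LIST)
    print(f"{len(allowed)} allowed, {len(blocked)} would be blocked once enforced")
    for username, app, reason in blocked:
        print(f"  BLOCK {username:<20} via {app:<20} {reason}")
```

Running this over a real login-history export (with the field names adjusted to the actual export) lists every integration and user that would stop working when the allow-list is enforced, which is the review an admin wants to complete before raising the request with Salesforce Customer Support.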
Why Is It Important?
1. Tightened Security and Risk Mitigation
Prevents unauthorized or rogue apps from calling your Salesforce APIs. Only vetted, approved connected apps can operate, which greatly reduces the attack surface.
2. Granular Access Management
Admins can specify exactly which connected apps are permitted and who within those apps can make API calls. This aligns with least-privilege access principles and supports precise access policies.
3. Better API Governance and Visibility
Controlling which applications can access APIs enhances oversight and auditing. It ensures that integrations are intentional, transparent, and compliant.
4. Provisioning Control
Combined with permission sets, access can be managed dynamically and consistently, so that only the intended roles or users reach sensitive operations.