function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Is it possible to extract ANY SalesForce users data using their Username/Password alone?

If i prompt end users of my web-application for their SalesForce username/password; is it enough for me to successfully use APIs to extract data from their accounts and present it to them.


Would i need some other information too from end users like - Their Security Token, Organization Id etc.?


The SalesForce Login API appears to need security token too (appended to the password).

Is this possible?
The security token is required (addded to the password), but if your application is used with a static invariant IP address, you can whitelist the IP in the network settings of your organization, this will make the use of the token not required.