function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Ajinkya Pande 10Ajinkya Pande 10 

Getting this error Invalid Session Id

I am getting this error while using Developer Sandbox: invalid session id this gets resolved when the security token is reset and need to use the new credentials for API users. 

User-added image
Best Answer chosen by Ajinkya Pande 10
VinayVinay (Salesforce Developers) 
Hi Ajinkya,

Check steps mentioned below for error INVALID_SESSION_ID.

https://help.salesforce.com/s/articleView?id=000335524&type=1

Please mark as Best Answer if above information was helpful.

Thanks,

All Answers

VinayVinay (Salesforce Developers) 
Hi Ajinkya,

Check steps mentioned below for error INVALID_SESSION_ID.

https://help.salesforce.com/s/articleView?id=000335524&type=1

Please mark as Best Answer if above information was helpful.

Thanks,
This was selected as the best answer
Steve Morgan 8Steve Morgan 8

Hi,

Out of intersest did this code work before the Winter '22 release?

Seeing some perfectly functioning code that calls an Apex API has suddenly stopped working and it's rejecting the token with this error. 

[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]

I'm still investigating why - I suspect IP restrictions / user restrictions are being enforced now. Obvioulsy need to work this out before this rolls to production instances.

Steve
Steve Morgan 8Steve Morgan 8

OK - worked it out. 

I think it's the Enhanced Domains setting for our UAT site. The URLs for the API endpoints now have .sandbox. included. Salesforce have added a 307 redirect on the old apoi but though the auth token is posted on the initial request it's not present for SF on the redirect. 

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_domains_enhanced_ru.htm&type=5&release=240

So the fix my side was to update all URLs for external API calls from:
https://CLIENT--uat.my.salesforce.com/services/apexrest/myapiname/v1

TO:
https://CLIENT--uat.sandbox.my.salesforce.com/apexrest/myapiname/v1

Hopefully this also means production will be unaffected but I shall definitely be reviewing.

I hope this helps someone else!

Steve
Steve Morgan 8Steve Morgan 8
Just realised a typo in my above response - I mean the Winter '23 release, not 22
Ajinkya Pande 10Ajinkya Pande 10
Thank you for the answer.