function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Access to REST API SALESFORCE using username and password?

Hello, I spend a lot of time in search how to use the rest api, but only i find information to use the rest api with oAuth, but in dont want to use oauth, i want to type the username and password in the code and this is all, i want to make an app where the client dont see any rest api comunication, I mean execute the apex code in background.


I find a code in



But show me a error [{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]




You can use the username and password flow in oauth if you wish, but even better would be to use the server to server flow.


I get this error:

{"error":"invalid_grant","error_description":"authentication failure - Failed: API security token required"}



when calling this:

curl -k -d "grant_type=password&clientid=clientIdclient_secret=clientsecret&username=mysuserid&password=mypassword"


I'm using my actual username and password in the request.


Thanks for any help.


You need to use your api security token in addition to your password, see the online help on identity confirmation.


The link above that dkador provided indicates you can just send the username/password and then the response will include the access token which is what I'm after.  I'm just looking for a quick and easy way to get my access token.  Thanks.


If you're not connecting from a trusted IP address, you need to also include the api security token.

Mohith Kumar ShrivastavaMohith Kumar Shrivastava

Hi ,


I used mozilla  poster to get access token .I think you have to use oauth if you are using REST API's.There is no alternative.With username and password too you will get acess token and then using this you can easily call the apex code.


Here is my blog may be it can help you .


Use the above and implement same in your code.





Adam BreenAdam Breen

This same issue has been frustrating me for the last hour, but I finally worked it out!


YOU NEED TO APPEND YOUR SECURITY TOKEN (i.e. the one associated with your username) TO YOUR PASSWORD, AS A SINGLE STRING!!   


So for instance:


curl -d "grant_type=password&client_id={client_id}&client_secret={client_secret}&{Password}{SecurityToken}" ""


... will return



[tested 13/09/2012]


I guess the other option would be to register your IP address range with Salesforce, which I believe precludes the need for the Security Token... but that's not workable for, say, mobile scenarios.



Hope this saves others some headaches!



:) AB


Thanks.  That worked.

Integrations AnswerDashIntegrations AnswerDash
Username/password works for me, BUT only with an additional setting in the App: Apps -> [select your "Connected App"] -> Edit -> Oauth Policies -> Permitted Users -> All users may self-authorize.  By stumbling on this setting, I was finally able to get my token!  Previously, I kept getting {"error":"invalid_grant","error_description":"authentication failure"}.  Hope this helps someone else!
Rick PutnamRick Putnam
I had the same issue as Integrations AnswerDash documents: set Permitted users to All User May Self-Authorize. Thanks!
Peter LendackyPeter Lendacky

what is client_id in the example above when I have no Connected App registered, just user with API permission enabled?

Thank you
Hide the username and password and use Named Credential for that.  Here's the code and how to set up.

Named Credentials - Setup (

Named Credentials - Code (
HTTPRequest feedRequest = new HTTP Request();

SF Support 16SF Support 16
Adam Breen, you're genius! Registered only to comment here !
The password+token combination is also needed while changing user's password in UI. Nothing leads to this form of password enteting on the interface
farukh sk hdfarukh sk hd
Here rest api integration is performed by taking example of two salesforce system.