function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

API Access with Delegated Authorization on Professional Edition

Here is the problem.

We have AppExchange product that is Aloha-approved, so we have an api access token.

Up until now, we have required users to log-in to from our app. We apply the api token as part of the connection header.  Theapi token allows users to use our app with all editions of, especially Professional Edition.

This is the code we use - php

function GetClient($login, $password, $token, $sandbox) {
             $wsdl = "soapclient/partner.wsdl.xml";
             if ($sandbox = "true") {
                 $wsdl = "soapclient/partnerSandbox.wsdl.xml";
            // The List api token - required for PE and GE access
        $apiToken = '<token provided by>';
            // Establish client
        $client = new SforcePartnerClient();
            // Add api token to connection
        $callOptionsHeader = new CallOptions($apiToken);
            // Login to          
        try {
            $loginResult = $client->login($login, $password.$token);
            if ($loginResult->passwordExpired) {
                $client = null;
        catch (Exception $e) {
            echo $e->getMessage();
            $client = null;

And we have a client using our application who has Professional Edition, but also is using Delegated Authorization via PingIdentity. 

When the user tries to log in to from our application, they use their SSO user name and password. This gets them a valid token from Ping, but no log-in to This is, of course, an api-login.

If the system admin uses his account, it works fine.

So the question is, how do you pass an api token when a Professional Edition sso user is trying to log in as an api user?

The api token is in the header of the initial log in request to What happens to it when forwards the request to a delegated authority? Does it go to the delegated authority? Does it come back? Does it stay with the login request for use the authorization is granted by the delegated authority? Or is it just lost?

Hi , 

API Enabled permission will be on the Users Permission Section in the Profile.

API Enabled option will be there only for Users of Profile System Administrator or Cloned profiel of System Administrator.

You need to contact Support for this.

Please go through the link whcih states the following information about Enabling API in professional Edition.

If you dont see the permission, you need to contact Support.

This feature is enabled by default for Unlimited, Enterprise, and Developer Editions. Some Professional Edition organizations may also have the API enabled. If you cannot access the features you see in this guide, contact

See more in the discussion below,

Also See the links below,



This is not the answer. NONE OF THE USERS HAVE API-ENABLED. The AppExchange App, as an Aloha App, is API-enabled. This works fine with a normal log-in, as the api key specific to the app is passed as part of the header in the log-in process.

But when the organization uses an OAuth provided, in this case through Ping Identity, the token is dropped somewhere between the AppExchange app and Ping and