Hi all,

With the enforcement of MFA coming next year, I've started to test an API I wrote for a client that allows their website to talk to Salesforce. It's working fine right now, but if I enable High Assurance on the profile, I can no longer use the API.

The website first retrieves an access token and then uses that in the header for all subsequent calls. 

With High Assurance selected on the profile, I am able to authenticate and get an access token back, but when I use that access token in the next call to retrieve some data (using a custom RestResource class), I get the following response:
 

[
    {
        "message": "This session is not valid for use with the REST API",
        "errorCode": "INVALID_SESSION_ID"
    }
]

This is the connected app settings:
Any help or advice would be greatly appreciated!

Thanks

Andy​​​​​​​