Finding your user name and API security token (2024)

FAQs

How do I find my API access token? ›

Obtaining the API token

To get the API token for a user, an HTTP POST request should be sent to the Token resource. In the post body, username and password are specified in JSON format, and the response body contains a token key with an actual API Token as the value.

A security token is necessary for login while using the Salesforce API. A security token is an alpha – numeric with specific instance that you can use in your passwords or enter in a distinct field in a client application. Your settings or profile do not show your security token.

Note If you have the API only user permission, or your admin specifies login IP ranges for your account, you can't manually reset your security token. To reset your token, contact your admin. From your personal settings, in the Quick Find box, enter Reset , and then select Reset My Security Token.

API token authentication

If you use an API token, combine your email address and API token to generate the authorization header. The email address and API token combination need to be a Base-64 encoded string. For an example of how to format the authorization header, see the code block below.

Send a POST request to the /token identity platform endpoint to acquire an access token. In this request, the client uses the client secret. The directory tenant that you want to request permission from. The value can be in GUID or a friendly name format.

API keys are for projects, authentication is for users

Authentication tokens identify a user — the person — that is using the app or site.

Examples of security tokens in crypto include Polymath, tZero, Harbor, and Securitize. What is a security token? A security token is a digital asset that represents ownership or participation in a real-world asset, such as shares in a company, real estate, or commodities.

How do I authenticate a user token? ›

API keys that are generated must also use Alphanumeric and special characters. An example of such an API key is zaCELgL. 0imfnc8mVLWwsAawjYr4Rx-Af50DDqtlx .

If your app needs to call APIs on behalf of the user, access tokens and (optionally) refresh tokens are needed. These can be stored server-side or in a session cookie. The cookie needs to be encrypted and have a maximum size of 4 KB.

Token-based authentication is a process where the user sends his credential to the server, server will validate the user details and generate a token which is sent as response to the users, and user store the token in client side, so client do further HTTP call using this token which can be added to the header and ...