Newer Version Available
Set Two-Factor Authentication Requirements for API Access
Salesforce admins can set the
“Two-Factor Authentication for API Logins” permission to allow using a second
authentication challenge for API access to Salesforce.
API access includes the use of applications like the Data Loader and developer tools for
customizing an organization or building client applications.
| Available in: Both Salesforce Classic and Lightning Experience |
| Available in: Contact Manager, Database.com, Developer, Enterprise, Group, Performance, Professional, and Unlimited Editions |
| User Permissions Needed | |
|---|---|
| To edit system permissions in profiles: | “Manage Profiles and Permission Sets” |
| To enable this feature: | “Two-Factor Authentication for User Interface Logins” |
The “Two-Factor Authentication for User Interface Logins” permission is a prerequisite for “Two-Factor Authentication for API Logins”. So, once these permissions are enabled, users must enter a second authentication value when logging in to Salesforce through the user interface. This second factor of authentication is also called a “time-based one-time password” (TOTP) or “time-based token.”
Users can connect an authenticator app to their account to generate the time-based one-time password.