Salesforce API Access Control: A Complete Guide

Understanding API Access Control

Salesforce’s API Access Control feature provides robust security options for managing API access to your org. Available across Professional, Enterprise, Performance, Unlimited, and Developer Editions (in both Classic and Lightning), this feature lets you:

  • Restrict all users from accessing Salesforce APIs unless pre-authorized
  • Specifically limit customer/partner API access to approved connected apps

Key Capabilities

1. Restricting API Access via Connected Apps

  • Lock down all connected apps’ access to Salesforce APIs
  • Allowlist specific connected apps for approved access
  • Control user access through profiles and permission sets

2. Managing Customer/Partner API Access

  • Restrict Experience Cloud site users to installed connected apps
  • Maintain security while enabling necessary integrations

Implementation Process

To enable API Access Control:

  1. Contact Salesforce Customer Support to request activation
  2. Configure your access policies through Setup

API Management via Anypoint Platform

For organizations using MuleSoft’s Anypoint Platform to manage APIs, follow these steps to apply policies:

Prerequisites

  1. Generate an Authorization Bearer token
  2. Obtain your Organization ID (Org ID)
  3. Retrieve the Environment ID
  4. Identify the API ID (the numeric apiVersionId of the API instance)

Applying the IP Allowlist Policy

Replace <org_id>, <env_id>, <api_id> and <token> with the values gathered above. The ips array lists the client addresses allowed through (1.1.1.1 is only a placeholder), and ipExpression tells the policy which request attribute carries the caller's address. Because the whole JSON body sits inside a single-quoted shell argument, the single quotes around x-forwarded-for must be written as '\'' so that they reach the API intact; writing '' instead closes and reopens the shell quote and sends an expression with no quotes at all.

curl 'https://anypoint.mulesoft.com/apimanager/api/v1/organizations/<org_id>/environments/<env_id>/apis/<api_id>/policies' \
-X POST \
-H 'Accept: application/json, text/plain, */*' \
-H 'Authorization: Bearer <token>' \
-H 'X-ANYPNT-ORG-ID: <org_id>' \
-H 'X-ANYPNT-ENV-ID: <env_id>' \
-H 'Content-Type: application/json;charset=utf-8' \
--data-raw '{
  "configurationData": {
    "ipExpression": "#[attributes.headers['\''x-forwarded-for'\'']]",
    "ips": ["1.1.1.1"]
  },
  "apiVersionId": <api_id>,
  "pointcutData": null,
  "policyTemplateId": null,
  "groupId": "68ef9520-24e9-4cf2-b2f5-620025690913",
  "assetId": "ip-allowlist",
  "assetVersion": "1.1.1"
}'

Retrieving Policy Configuration

To list the policies currently applied to an API, together with their configuration parameters (useful for confirming that the allowlist above was created as intended):

curl 'https://anypoint.mulesoft.com/apimanager/api/v1/organizations/<org_id>/environments/<env_id>/apis/<api_id>/policies' \
-X GET \
-H 'Accept: application/json, text/plain, */*' \
-H 'Authorization: Bearer <token>' \
-H 'X-ANYPNT-ENV-ID: <env_id>' \
-H 'Content-Type: application/json;charset=utf-8'
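The two curl calls above (apply the allowlist, then read the policies back) are easy to get wrong by hand, so here is the same procedure as an added Python example. It is not code from the original post or from MuleSoft: it uses only the standard library, mirrors the endpoint path, header names and JSON body shown above, and keeps request construction separate from sending so the logic can be checked without network access. The IDs, token, IP addresses and the sample GET response are constructed placeholders, and the response shape (a JSON array of policy objects carrying assetId, disabled and configurationData) is an assumption drawn from the request body rather than a documented contract. One practical caveat it encodes: the policy reads the caller's address from the x-forwarded-for header, which only means something when a proxy you control sets or overwrites that header in front of the API.

```python
"""Apply and verify an Anypoint API Manager ip-allowlist policy.

Added example, not code from the original article or from MuleSoft.
Endpoint, headers and body follow the article's curl calls; all IDs,
tokens and addresses below are constructed placeholders.
"""
import json
import os
import urllib.request
from typing import Any, Dict, List, Optional

ANYPOINT = "https://anypoint.mulesoft.com/apimanager/api/v1"

# Asset coordinates exactly as they appear in the article's request body.
IP_ALLOWLIST_ASSET = {
    "groupId": "68ef9520-24e9-4cf2-b2f5-620025690913",
    "assetId": "ip-allowlist",
    "assetVersion": "1.1.1",
}

# Evaluated per request by the policy. Only trustworthy when a proxy you
# control sets/overwrites x-forwarded-for before the request reaches the API.
DEFAULT_IP_EXPRESSION = "#[attributes.headers['x-forwarded-for']]"


def policies_url(org_id: str, env_id: str, api_id: int) -> str:
    """Path used by both the POST (apply) and GET (list) calls."""
    return (f"{ANYPOINT}/organizations/{org_id}/environments/{env_id}"
            f"/apis/{api_id}/policies")


def auth_headers(token: str, org_id: str, env_id: str) -> Dict[str, str]:
    """Headers from the article; Authorization is required on both calls."""
    return {
        "Accept": "application/json, text/plain, */*",
        "Authorization": f"Bearer {token}",
        "X-ANYPNT-ORG-ID": org_id,
        "X-ANYPNT-ENV-ID": env_id,
        "Content-Type": "application/json;charset=utf-8",
    }


def ip_allowlist_body(api_id: int, ips: List[str],
                      ip_expression: str = DEFAULT_IP_EXPRESSION) -> Dict[str, Any]:
    """Build the POST body that creates an ip-allowlist policy on one API."""
    if not ips:
        raise ValueError("an allowlist with no entries would block every caller")
    return {
        "configurationData": {"ipExpression": ip_expression, "ips": list(ips)},
        "apiVersionId": int(api_id),
        "pointcutData": None,
        "policyTemplateId": None,
        **IP_ALLOWLIST_ASSET,
    }


def build_request(method: str, url: str, headers: Dict[str, str],
                  body: Optional[Dict[str, Any]] = None) -> urllib.request.Request:
    """Construct the request without sending it (JSON-encodes the body)."""
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def send(req: urllib.request.Request) -> Any:
    """Send a built request and decode the JSON reply (needs network access).
    urlopen raises HTTPError for non-2xx responses, so failures are loud."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


def allowlisted_ips(policies: List[Dict[str, Any]]) -> List[str]:
    """Return the ips of the first enabled ip-allowlist policy in a GET reply.
    Response shape is assumed: a list of objects with assetId, disabled and
    configurationData (the same fields the POST body carries)."""
    for policy in policies:
        if policy.get("assetId") == "ip-allowlist" and not policy.get("disabled", False):
            return list(policy.get("configurationData", {}).get("ips", []))
    return []


def allowlist_matches(policies: List[Dict[str, Any]], expected: List[str]) -> bool:
    """True when an enabled allowlist exists and contains exactly `expected`."""
    found = allowlisted_ips(policies)
    return bool(found) and set(found) == set(expected)


# Constructed sample of what the GET call might return after the POST.
SAMPLE_POLICIES = [
    {"assetId": "rate-limiting", "disabled": False,
     "configurationData": {"maximumRequests": 100}},
    {"assetId": "ip-allowlist", "disabled": True,
     "configurationData": {"ips": ["198.51.100.7"]}},
    {"assetId": "ip-allowlist", "disabled": False,
     "configurationData": {"ipExpression": DEFAULT_IP_EXPRESSION,
                           "ips": ["203.0.113.10", "203.0.113.11"]}},
]


if __name__ == "__main__":
    # Real run: values come from the environment (sandbox first, per the
    # best-practice list); with them unset, only the offline checks execute.
    org, env, token = (os.environ.get(k) for k in
                       ("ANYPOINT_ORG_ID", "ANYPOINT_ENV_ID", "ANYPOINT_TOKEN"))
    api_id = int(os.environ.get("ANYPOINT_API_ID", "0"))
    wanted = ["203.0.113.10", "203.0.113.11"]
    if org and env and token and api_id:
        hdrs = auth_headers(token, org, env)
        url = policies_url(org, env, api_id)
        send(build_request("POST", url, hdrs, ip_allowlist_body(api_id, wanted)))
        print("allowlist verified:", allowlist_matches(send(build_request("GET", url, hdrs)), wanted))
    else:
        print("offline check:", allowlist_matches(SAMPLE_POLICIES, wanted))
```

The verification step matters more than the POST: a disabled ip-allowlist entry, or one carrying a stale address list, is indistinguishable from a working one until the policies are read back and compared against the intended set, which is also what the audit item in the best-practice list amounts to.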

Best Practices

  1. Always test policies in a sandbox environment first
  2. Maintain detailed documentation of all API access policies
  3. Regularly review and audit connected app permissions
  4. Use the principle of least privilege when granting API access

By implementing these controls, organizations can significantly enhance their API security posture while maintaining necessary integration capabilities.

Content updated February 2025.
