SOAP-API authentication

I am trying to implement SOAP-API for Java and find that the authentication is 2 step using the REST and then passing the token in the SOAP header. I also downloaded the example from

In the example I dont find the REST api call but username and password. Which is the correct way to authenticate?



Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Generally with the SOAP API you have two ways to authenticate a request with Salesforce.

  1. You use the login API call with the username and password to get a SessionID and corresponding Server URL to make the subsequent API calls to. The SessionId should be sent via the SessionHeader. Typically you will need to append the security token to the password unless your IP address has be added to the Org.
  2. You use an alternative means to get a valid Session Id and proceed directly to using the SessionHeader.

There are several alternatives for getting a valid Session Id. OAuth 2.0 is the preferred method if you are requesting credentials from individual users. By selecting the correct flow there is no need for the user to give your app their username and password. Instead you get the resulting access token that can be used for API calls. Generally speaking the access token is interchangeable with the session Id (depending on the requested scopes).

Method 2

You use a username, password, and security token for the SOAP API. The access token, in which you do not use your username and password, is for the REST API.

With a username, password, and security token, you POST to the SOAP API, and then Salesforce will give you a Session ID to interact with standard objects.

With the REST API, you are given a client ID, client secret, and you POST those credentials to Salesforce to get an access token so that you can interact with custom objects.

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x