Login Server URL
The SOAP implementation of the API also provides a single login server.You can log in to any organization via a single entry
point, without having to hard-code the instance for your organization.To access an organization via the API, you must ﬁrst
authenticate the session by sending a
request to the login server at the following URL:
The less secure version of the URL is also supported:
The less secure version of the URL is supported for debugging through proxy servers.
All subsequent calls to the server during the session should be made to the URL returned in the
points to the server instance for your organization.
Start By Logging In to the Login Server
Before invoking any other calls, a client application must ﬁrst invoke the
call to establish a session with the login
server, set the returned server URL as the target server for subsequent API requests, and set the returned session ID in the
SOAP header to provide server authorization for subsequent API requests. For more information, see
and Step 4:
Walk Through the Sample Code.
Salesforce checks the IP address from which the client application is logging in, and blocks logins from unknown IP addresses.
For a blocked login via the API,Salesforce returns a login fault.Then, the user must add their security token to the end of
their password in order to log in. A security token is an automatically-generated key from Salesforce. For example, if a user's
, and their security token is
, then the user must enter
log in. Users can obtain their security token by changing their password or resetting their security token via the Salesforce user
interface.When a user changes their password or resets their security token,Salesforce sends a new security token to the email
address on the user's Salesforce record.The security token is valid until a user resets their security token, changes their password,
or has their password reset.When the security token is invalid, the user must repeat the login process to log in.To avoid this,
the administrator can make sure the client's IP address is added to the organization's list of trusted IP addresses. For more
information, see Security Token.
Once you are logged in, you can issue API calls. For each operation, client applications submit a synchronous request to the
API, await the response, and process the results.The API commits any changed data automatically. For a list of the API calls:
• Core Calls
• Describe Calls
• Utility Calls
Typical API Call Sequence
For each call, your client application typically:
1. Prepares the request by deﬁning request parameters, if applicable.
2. Invokes the call, which passes the request with its parameters to the Force.comWeb Service for processing.
3. Receives the response from the API.
4. Handles the response, either by processing the returned data (for a successful invocation) or by handling the error (for a
Login Server URL