So what I read everywhere is that, in order to connect to Salesforce via the API, you'll have to authenticate using OAuth.
But this involves creating a Connected App, which is 'cumbersome' for normal users. They just want to login and go.
How do e.g. Jitterbit and Mavensmate etc solve this? I don't install Jitterbit/Mavensmate in my org, do I? There's no connected app in my org. Yet, they can access my data when I provide my username and password+token.
How can I connect to Salesforce without running via OAuth and a Connected App or installing something in the org?
Best Answer
You can use any login call, and you'll be able to use that session ID with REST. This probably isn't clearly documented, but there are similar questions on here (and other forums) that do explain this.
For example, I use this code to get my browser session:
...which I can then throw directly into the Authorization header (Bearer SID). I use this method when I'm testing our code in POSTMAN (custom REST calls).
You can also use any valid SOAP session, etc. Note that if you do use OAuth, the "scope" of that token must include API access, or it will be blocked.