I have registered connected application with partner's SalesForce on Partner API level. Connected app have defined following scopes (id, web, api and refresh_token).
When I try to invoke SOAP API over username, password and session id combination (this is not OAuth2.0 protocol/access token combination) in old fashion style I'm getting :
INVALID_SESSION_ID: This session is not valid for use with the API
When partner turned off in SF App Access Settings, (Setup -> Manage Apps -> Connected Apps) following parameter :
Limit access to apps that are currently installed and have "Admin approved users and pre-authorized" as their Permitted Users setting
our application was in position to smoothly communicate with SF SOAP API.
What does this mean ? What I have to change in my configuration.
I have asked here is it possible to call SOAP API without access token (in old fashion) if you have registered application as connected app. I got answer Yes.
I do not know what I am doing wrong.
Best Answer
If the org has white listing turned on (e.g. only these approved apps can connect) then anything else won't be allowed to login. Is there a reason why you're not doing an oauth flow to authenticate your app, especially as you've defined a connected app for it.
Also, if you want to authenticate without using a users API security token, you'll need to do it via an interactive OAuth login flow. All the programmatic login flows require the users API security token (unless the login is from a white listed IP address).