This article answers common questions about connecting client applications to the Salesforce API (Application Programming Interface). API calls allow client applications to perform operations such as querying data in your organization, adding, updating, and deleting records, obtaining metadata about your data, and running administration utilities.
This article addresses the most frequently asked questions about Salesforce API connectivity, SOAP endpoint structure, IP address behavior, and allowlisting best practices.
Salesforce provides two types of SOAP WSDL call endpoints:
Enterprise endpoint — Uses the path '/c'. Example: <REDACTED> Example (sandbox): https://test.salesforce.com/services/Soap/c/40.0
Partner endpoint — Uses the path '/u'. Example: https://login.salesforce.com/services/Soap/u/40.0 Example (sandbox): https://test.salesforce.com/services/Soap/u/40.0
The WSDL document may specify a SOAP endpoint location that references an outbound port. For security reasons, Salesforce restricts outbound ports to the following:
For more information on best practices, see Updating Hard-Coded References FAQ.
No. The Salesforce domain name resolves to the entire IP address range, not a single IP. This range may change when a new data center is added or an older data center is removed. Salesforce communicates these changes in release notes or via email to org administrators. There is no defined schedule for IP range changes.
Due to the multi-tenant nature of Salesforce, all API connections cannot be guaranteed to originate from a single IP address. In a disaster recovery or failover situation, the IP address used for connections may change. Allowlisting only a single IP address can expose your company to extended downtime during such events. Allowlisting the entire Salesforce IP range is the recommended approach to ensure uninterrupted API connectivity.
000386036

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.