Loading

Security Updates to the "Outbound Message with Session ID"

Veröffentlichungsdatum: Jan 15, 2026
Beschreibung

Original Publication Date - December 4, 2025
Updated - January 14, 2026

 

The update originally planned for the week of February 16 has been rescheduled for the week of February 23, 2026. You don’t need to take any action on the original date, and any changes that you have already made to prepare for this change can remain in place.

As part of our ongoing commitment to strengthening account security, Salesforce is removing the ability to send session IDs in Outbound Messages

What does this mean?

  • There will no longer be a Send Session ID checkbox for customers to select

  • The IncludeSessionId flag in the API will be ignored and always set to FALSE

  • For existing outbound messages, session ID values will no longer be within the <sessionID></sessionID> element of outbound message payloads.   


Previously, outbound messages could be configured to include a session ID, allowing external systems to make API calls back into Salesforce without requiring separate authentication.

Lösung

Actions Required:

  1. Identify Affected Outbound Messages: Customers must review their Salesforce org to locate all outbound messages that are configured to send a session ID, along with their corresponding endpoints.

    1. Admins can view their outbound messages through Setup> Quickfind: Outbound Messages and see which ones include a Session ID.

  2. Update Recipient Endpoints to use OAuth-based authentication (OAuth 2.0) for a valid access token.

    1. If the endpoint is internally owned:
      Customers will need to update the endpoint to perform a full authentication to Salesforce using OAuth 2.0 in order to obtain a valid access token.

    2. If the endpoint is owned by a third-party vendor:
      Contact the vendor directly to ensure they update the integration to use full OAuth-based authentication with Salesforce.

Failure to update your org will result in the session ID no longer being sent, causing the endpoint to fail authentication and disrupting API calls and business processes. Use OAuth-based authentication to avoid service interruptions.

How can I get more information?

If you have any questions or require further assistance, contact your Salesforce account team or open a case with support through Salesforce Help.

Nummer des Knowledge-Artikels

005232763

 
Laden
Salesforce Help | Article