Loading

Security Updates to Outbound Messages: Session ID Will No Longer Be Sent

Дата публикации: Jun 19, 2026
Описание

Important: The update originally planned for the week of February 16 has been rescheduled to the week of February 23, 2026. No action is required on the original date. Any changes already made to prepare for this update can remain in place.

What Is Changing with Outbound Messages?

As part of Salesforce's ongoing commitment to strengthening account security, Salesforce is removing the ability to send session IDs in Outbound Messages.

Previously, outbound messages could be configured to include a session ID, allowing external systems to make API calls back into Salesforce without requiring separate authentication.

After this change:

  • There will no longer be a Send Session ID checkbox available when configuring Outbound Messages.
  • The IncludeSessionId flag in the API will be ignored and always set to FALSE.
  • For existing outbound messages, the session ID value will no longer appear within the <sessionID></sessionID> element of outbound message payloads.
Решение

Required Actions Before the February 23, 2026 Deadline

Action 1: Identify Affected Outbound Messages

Review your Salesforce org to locate all outbound messages configured to send a session ID and their corresponding endpoints.

Admins can find affected outbound messages by going to Setup → Quick Find: Outbound Messages, then reviewing which messages include a Session ID.

Action 2a: Update Internally Owned Endpoints to OAuth 2.0

If the endpoint receiving the outbound message is internally owned, update it to use OAuth 2.0-based authentication to obtain a valid access token from Salesforce:

 

Action 2b: Contact Third-Party Vendors to Update Their Endpoints

If the endpoint is owned by a third-party vendor, contact the vendor directly to ensure they update their integration to use full OAuth 2.0-based authentication with Salesforce.

Failure to update your org will result in the session ID no longer being sent, causing the endpoint to fail authentication and disrupting API calls and business processes. Use OAuth-based authentication to avoid service interruptions.

How to Get More Information

If you have questions or require further assistance, contact your Salesforce account team or open a case through Salesforce Help.

Номер статьи базы знаний

005232763

 
Загрузка
Salesforce Help | Article