In Winter ‘14 we introduced a program that allows specific approved, security-reviewed connected apps from Salesforce and our partners to integrate with Salesforce using a process that lets the connected app establish an API connection regardless of user profile settings. To ensure your users’ access to data is consistent with the permissions you have enabled, these apps will be required to respect user profile permissions for API access.
- Salesforce1 downloadable apps for iOS and Android devices
- Salesforce for Outlook
- Connect for Outlook
- Connect for Office
If you want your users to continue to have access to the affected connected apps, turn on the “API Enabled” permission. You can accomplish this through either a profile update or an appropriate permission set. Keep in mind that this will grant users API access to your organization and its data.
If you decide not to grant access, you should notify end users who do not have the “API Enabled” profile permission that they will not be able to use the affected connected apps.
If you are using an affected connected app developed by a Salesforce partner or ISV, you should contact the app provider for details on the potential impact. A list of affected partner connected apps is available in the API Access Change for Connected Apps Knowledge article.
Your data is protected by security tools in the application, including org-wide sharing settings, object-level security, and field-level security. This applies regardless of how users are accessing data, whether through the API or an application, to ensure that users don’t have improper access to data. For further information on application security settings, see Securing Data Access in the Salesforce Help.