API Only Users Can Access Only Salesforce APIs (Critical Update, Enforced)

API Only Users Can Access Only Salesforce APIs was a critical update in Spring ’19 and is enforced in Spring ’20. If a user has the API Only User permission, they can access Salesforce only via APIs, regardless of their other permissions. This restriction already applies to other Salesforce features, but this critical update enforces the restriction in Lightning Out.

Where: This change applies only to Lightning Out.

When: This critical update will be automatically activated when your sandbox or production org is upgraded to Spring ’20. Since auto-activation doesn't happen on one specific date for all orgs, you can ignore the Auto-Activation Date listed on the Critical Updates page in Setup.

Who: This change affects users with the API Only User permission.