Salesforce retires older technologies to improve platform security, performance, and reliability. Over the years, several legacy API versions have reached the end of their lifecycle, requiring organizations to modernize their integrations and authentication methods.
One of the most significant upcoming changes is the retirement of the SOAP API login() operation in Summer ’27. While many organizations still rely on this authentication method, Salesforce is moving toward a more secure, OAuth-based authentication model using External Client Apps.
It is important to understand that Salesforce is not retiring the SOAP API itself. The retirement specifically affects the SOAP API login() authentication operation. Organizations can continue using SOAP API functionality after Summer ’27, provided authentication is performed through supported OAuth-based mechanisms.
If your organization uses integrations, middleware platforms, custom applications, Data Loader jobs, or third-party tools connected to Salesforce, now is the time to assess your environment and prepare for the upcoming changes.
Understanding the Salesforce API Lifecycle
Salesforce supports each API version for a minimum of three years from its initial release. This lifecycle approach allows customers sufficient time to upgrade their applications while enabling Salesforce to focus on newer, more secure platform capabilities.
Before an API version is retired, Salesforce provides advance notice so organizations can identify affected integrations and plan upgrades accordingly.
The current API support landscape looks like this:
| API Version | API Status | SOAP API login() Status |
| 65.0–66.0 | Supported | Not Available |
| 31.0–64.0 | Supported | Supported Until Summer ’27 |
| 21.0–30.0 | Retired and Unavailable | Retired and Unavailable |
| 7.0–20.0 | Retired and Unavailable | Retired and Unavailable |
If a request is sent to a retired SOAP API version, Salesforce returns the following error:
500: UNSUPPORTED_API_VERSION
Why Salesforce Retires Older APIs
API retirement is part of Salesforce’s long-term platform strategy. As technology evolves, older APIs become harder to maintain and often lack modern security enhancements. By retiring legacy versions, Salesforce can:
- Improve security standards
- Deliver better platform performance
- Reduce technical debt
- Support newer platform capabilities
- Encourage adoption of modern authentication frameworks
Organizations that stay on supported versions benefit from continuous improvements and ongoing Salesforce support.
Salesforce API Retirement Timeline
Understanding the retirement timeline helps organizations evaluate potential risks.
| Release | Event |
| Summer ’22 | API Versions 7.0–20.0 Retired |
| Summer ’25 | API Versions 21.0–30.0 Retired |
| Summer ’26 | Additional SOAP API login() security controls introduced |
| Summer ’27 | SOAP API login() Retirement Enforcement |
Retirement of API Versions 7.0 Through 20.0
Salesforce retired API versions 7.0 through 20.0 in the Summer ’22 release.
This retirement affected:
- SOAP API
- REST API
- Bulk API
Applications using these versions lost access to Salesforce endpoints and stopped functioning unless upgraded to supported API versions.
Organizations that relied on older integrations were required to update endpoint references and modernize their implementations before the retirement deadline.
Retirement of API Versions 21.0 Through 30.0
API versions 21.0 through 30.0 followed the next phase of Salesforce’s retirement strategy.
These versions were:
- Deprecated in Summer ’22
- Retired in Summer ’25
As of today, integrations still using these versions are already failing because Salesforce no longer supports or processes requests against those endpoints.
Errors Returned by Retired API Versions
Different APIs return different retirement-related errors.
SOAP API
500: UNSUPPORTED_API_VERSION
REST API
410: GONE
Bulk API
400: InvalidVersion
These errors indicate that the API endpoint is no longer available.
Common Integrations Impacted by API Retirements
Organizations should review the following areas when assessing retirement risks:
- Legacy Connected Apps
- Custom integrations and middleware platforms
- Older Data Loader installations
- Third-party applications using Salesforce APIs
- Outbound Messaging implementations
- AJAX Toolkit references in Visualforce pages
- Legacy web service connectors
If any of these components were built years ago and have not been updated recently, they should be reviewed immediately.
The Biggest Upcoming Change: SOAP API login() Retirement
The next major milestone is the retirement of the SOAP API login() authentication operation.
For many years, external applications were authenticated by sending usernames and passwords directly through the SOAP login() method. While effective, this approach no longer aligns with modern security best practices.
Salesforce is moving toward a secure-by-default authentication model built around OAuth and External Client Apps.
Current Status of SOAP API login()
The SOAP API login() operation remains available in API versions 31.0 through 64.0.
However:
- SOAP API login() is unavailable in API version 65.0 and later.
- Full retirement is scheduled for Summer ’27.
- New Salesforce orgs have SOAP API login() disabled by default.
- Additional security controls continue to be introduced.
Organizations should begin migration planning now rather than waiting for the retirement deadline.
Why Is Salesforce Retiring SOAP API login()?
The primary driver is security.
Modern authentication frameworks offer:
- Stronger authentication controls
- Better auditing capabilities
- Reduced credential exposure
- Granular access management
- Improved compliance support
Instead of storing usernames and passwords within applications, Salesforce encourages token-based authentication using OAuth.
This approach significantly reduces security risks while providing better control over connected applications.
Recommended Authentication Alternatives
Salesforce recommends migrating to OAuth-based authentication through External Client Apps.
The most common options include:
OAuth 2.0 Web Server Flow
Best suited for:
- Web applications
- User-driven authentication scenarios
- Enterprise applications
OAuth 2.0 JWT Bearer Flow
Best suited for:
- Server-to-server integrations
- Background automation
- Headless integrations
OAuth 2.0 Client Credentials Flow
Best suited for:
- Machine-to-machine communication
- Service accounts
- Backend services
The appropriate flow depends on the application’s architecture and authentication requirements.
What Happens If You Don’t Migrate?
Applications that continue using SOAP API login() after the Summer ’27 retirement date will no longer be able to authenticate with Salesforce. As a result, affected integrations will stop functioning until they are migrated to a supported OAuth-based authentication model. For organizations with business-critical integrations, delaying migration increases operational and security risks.
How to Identify Applications Using Legacy Authentication
The first step is creating an inventory of all applications and integrations connected to Salesforce. Start by contacting application owners, integration teams, and third-party vendors to determine how each system authenticates. Salesforce also provides several tools to help identify impacted applications.
Review Login History
Navigate to: Setup → Login History Review entries where:
- Login Type = Other Apex API
- Login Type = Partner Product
- Login Subtype = SOAP API
These records can help identify applications using SOAP API login().
Analyze API Total Usage Event Logs
The API Total Usage event type provides visibility into:
- SOAP API activity
- REST API activity
- Bulk API activity
- Authentication methods
- API version consumption
One particularly useful indicator is the CONNECTED_APP_ID field. If the field is empty, the application may be authenticating through SOAP API login() or a session-based approach. Administrators can use this information to identify potentially impacted applications.
Event Monitoring and API Analysis
Organizations can use several methods to investigate API usage:
Event Log Browser
Review and download API activity directly from Salesforce Setup.
Salesforce CLI
Query EventLogFile records and analyze API consumption programmatically.
API Total Usage Event Logs
Analyze authentication methods, API versions, and application activity across the organization. Regular monitoring helps identify legacy integrations long before retirement deadlines arrive.
Testing SOAP API login() Retirement
Salesforce provides a Release Update that allows organizations to simulate retirement behavior before enforcement occurs. By enabling the test run, administrators can:
- Identify failing integrations
- Validate OAuth migrations
- Confirm application readiness
- Reduce deployment risk
This testing capability is one of the most effective ways to prepare for Summer ’27.
Additional Considerations for New Salesforce Orgs
New Salesforce orgs are designed with stronger security controls by default. Key changes include:
- SOAP API login() disabled by default
- New permission controls governing SOAP authentication
- Increased emphasis on OAuth authentication
- Greater use of External Client Apps
Organizations building new integrations should adopt OAuth from the start rather than implementing legacy authentication methods.
Action Checklist for Salesforce Admins
Before Summer ’27, complete the following:
- Inventory all Salesforce integrations
- Review Login History
- Analyze API Total Usage Event Logs
- Identify SOAP API login() usage
- Contact third-party vendors
- Implement External Client Apps
- Migrate to OAuth authentication
- Test using the SOAP API login() Retirement Release Update
- Upgrade applications using retired API versions
Conclusion
Salesforce’s API retirement strategy is designed to improve platform security, reliability, and long-term maintainability. The retirement of API versions 7.0–30.0 has already highlighted the importance of keeping integrations current, while the upcoming retirement of SOAP API login() marks the next major step in Salesforce’s modernization journey.
Organizations that proactively inventory their integrations, review API usage, adopt OAuth authentication, and test retirement readiness will be well positioned for a smooth transition.
The best approach is simple: identify legacy dependencies now, modernize authentication early, and ensure every Salesforce integration remains secure, supported, and future-ready.
