In Salesforce, a Security Token is a unique, alphanumeric key that is generated to enhance security when connecting to Salesforce from external applications or API tools (such as Data Loader, integrations, or Salesforce CLI) outside of trusted IP ranges.

How Security Tokens Works?

When logging in from an untrusted IP address, Salesforce requires you to append the security token to your password. This ensures that only authorized users can access Salesforce data from outside the company’s IP range.

Example: If your password is MyPassword123 and your security token is XYZ456789, you’d enter MyPassword123XYZ456789 as the password in your integration tool.

How to Retrieve Your Security Token

  1. Go to Setup in Salesforce.
  2. Enter My Personal Information in the Quick Find box and select Reset My Security Token.
  3. Click Reset Security Token. Salesforce will send the new token to your registered email.

When Security Tokens are Used

Security tokens are required when:

  • Accessing Salesforce from outside trusted IP ranges.
  • Integrating with Salesforce using third-party tools that don’t support OAuth authentication.

Note: Changing your password will invalidate the existing security token, requiring you to reset it.

Security tokens add a critical layer of protection, safeguarding Salesforce data when accessed from unfamiliar networks.

Why Security Token is used in Salesforce.com?

Force.com has an additional layer of access for external and client application. If a user running a development tool like Data loader or Force.com IDE or developing a web application which uses Web services API, every user must append a security token at the end of their passwords. Security Token in Salesforce are used at the end of the passwords if the IP address is outside of the trusted IP range. If the IP address is in trusted range, then there is no need of Security Token.

  • Security Token is automatically generated which have 24 characters, alphanumeric string.
  • They are case sensitive.
  • It is used only once, every time new security token must be generated.

How Security Token is Sent to User?

When a user want’s to reset their passwords a new security token will be sent automatically to user email address. To get Security Token, user must go to reset security Token settings. To rest your security token follow the steps given below.

How to reset Security Token in Salesforce.com.

To receive or reset security token follow the steps given below.

  • Go to Setup=>Personal Setup=>My Personal Information=>Reset Security Token.
Security Tokens in Salesforce.com

Click on reset Security Token button, automatically email will be sent to the user.

How to use security token?

Every time security token must be added immediately after the password. If a user have password is “password” and new generated security token is “xyzabc” then user must enter as “passwordxyzabc”. We must be very careful when reseting administrator password as it may affect running applications and lock users out. It is advised that for external application we must create new “API-only” user and set it password to never expire.