Login/Register
Python Simple Salesforce
Asked Answered
Solved pythonpython-2.7soapsalesforcesimple-salesforce
G

8

11

I am trying to use simple_salesforce to query salesforce data with Python. I am using my username and password, which I am 100% sure is correct. I got the org ID from logging into Salesforce and looking at my company profile. It's only a 15-digit ID. I am specifically using an orgID to avoid using a security token as I don't know what it is. What am I doing wrong?

Code: 

from simple_salesforce import Salesforce
sf = Salesforce(instance_url='https://na1.salesforce.com', session_id='')
sf = Salesforce(password='password', username='email', organizationId='15 digit org id')

Output:

File "C:\Python27\lib\site-packages\simple_salesforce\api.py", line 100, in __init__
proxies=self.proxies)
File "C:\Python27\lib\site-packages\simple_salesforce\login.py", line 124, in SalesforceLogin
code=except_code, message=except_msg))
simple_salesforce.login.SalesforceAuthenticationFailed: INVALID_LOGIN: Invalid username, password, security token; or user locked out.
Glimp answered 5/8, 2014 at 2:23 Comment(4)
Hi, did you solve your problem? I am still experiencing the same problem on my side, and I am using security_token instead of organisationId. I've taken my security_token from salesforce with a mail. But it is still failing to log in and console is still showing me the same error of yours. Any updates from this one?Imparisyllabic
Yes, I did. I am using the security token and that worked fine. If you want to post a question with specific code and error. I can take a look.Glimp
Can you please take a look at this? #38660306Imparisyllabic
If you have IP restrictions enabled you should use an empty string '' as the security token.Desdee
V
7

There is a way to log in with simple-salesforce with only a username and password. No security token required:

from simple_salesforce import Salesforce, SalesforceLogin

session_id, instance = SalesforceLogin(username='<user>', password='<pass>')
sf = Salesforce(instance=instance, session_id=session_id)
# Logged in! Now perform API actions, SOQL queries, etc.
sf.query_all('<soql>')

Explanation

All examples using simple-salesforce begin with a call to the Salesforce constructor to log in. This constructor accepts either an existing session ID, or authentication credentials to log in and make a new session. When logging in, it calls the lower-level SalesforceLogin function to do the real work, but interestingly SalesforceLogin does not enforce the same constraints on its arguments—it issues the correct SOAP call to log in with just a username and password, without requiring a token or organization ID.

Using this trick, we call SalesforceLogin directly, obtain the new session ID, then pass it directly into the Salesforce constructor. From that point on, we are able to make authenticated API requests.

Note

The version of simple-salesforce on PyPI (i.e. pip install simple-salesforce) is very outdated with the simple-salesforce GitHub repository. The latest version supports additional login parameters like domain for login with custom domains. To get the latest version, use

pip install --upgrade https://github.com/simple-salesforce/simple-salesforce/archive/master.zip

(Pip-installing from zip is faster than using git+ssh:// or git+https://, as noted in this answer.)

Vierno answered 3/4, 2018 at 2:29 Comment(0)
P
10

I wrote most of simple-salesforce (although not the organizationId part, as I don't have an IP-whitelisted account to test against)

The standard/vanilla/regular/99% of users should use version is the simple username, password, security_token method.

So something like this

from simple_salesforce import Salesforce
sf = Salesforce(username='[email protected]', password='nickspassword', security_token='tokenemailedtonick')

By far the most confusing part is the security_token part (and was the part I got snagged with.) It turns out the Security Token is emailed to you after a successful password reset. So if you go into your salesforce account and reset your password, I believe you'll end up with an email with the subject salesforce.com security token confirmation which will contain a Security Token in the email. That's your security_token.

To be honest, the security_token kwarg is more a convenience than anything. In the normal email/password/token flow that most users rely on what is actually being sent is email as the login and {password}{security_token} as the password. I believe you could concat that yourself and just pass in a email and password kwarg if you want, but I figured forcing people to concat the password and token themselves would get go against the simple part of simple-salesforce

Pepito answered 30/11, 2014 at 3:56 Comment(2)
For long-lived connections, how do you test a Salesforce object to make sure the session is still valid, since there is no disconnect?Poetess
@NicholasTulach See these GH issues on some methods to test that, github.com/simple-salesforce/simple-salesforce/issues/272 github.com/simple-salesforce/simple-salesforce/issues/269Desdee
V
7

There is a way to log in with simple-salesforce with only a username and password. No security token required:

from simple_salesforce import Salesforce, SalesforceLogin

session_id, instance = SalesforceLogin(username='<user>', password='<pass>')
sf = Salesforce(instance=instance, session_id=session_id)
# Logged in! Now perform API actions, SOQL queries, etc.
sf.query_all('<soql>')

Explanation

All examples using simple-salesforce begin with a call to the Salesforce constructor to log in. This constructor accepts either an existing session ID, or authentication credentials to log in and make a new session. When logging in, it calls the lower-level SalesforceLogin function to do the real work, but interestingly SalesforceLogin does not enforce the same constraints on its arguments—it issues the correct SOAP call to log in with just a username and password, without requiring a token or organization ID.

Using this trick, we call SalesforceLogin directly, obtain the new session ID, then pass it directly into the Salesforce constructor. From that point on, we are able to make authenticated API requests.

Note

The version of simple-salesforce on PyPI (i.e. pip install simple-salesforce) is very outdated with the simple-salesforce GitHub repository. The latest version supports additional login parameters like domain for login with custom domains. To get the latest version, use

pip install --upgrade https://github.com/simple-salesforce/simple-salesforce/archive/master.zip

(Pip-installing from zip is faster than using git+ssh:// or git+https://, as noted in this answer.)

Vierno answered 3/4, 2018 at 2:29 Comment(0)
P
3

Edit

How will resetting my password show me what the token is?

It just will. If user has ever before requested the security token (which is sent to you via email - so you need to have access to the email address associated with your user) - every subsequent password reset will result with new token being generated and emailed to you. On top of that, once you're logged in to the system (to the web version, not via API) you will have an option to reset your token (and again, this will send you an email).

It's like you haven't read or tried anything we have written!

Looking for an answer drawing from credible and/or official sources.

https://help.salesforce.com/htviewhelpdoc?id=user_security_token.htm

https://help.salesforce.com/HTViewSolution?id=000004502

https://help.salesforce.com/HTViewSolution?id=000003783

And from the library's documentation:

https://github.com/neworganizing/simple-salesforce

To login using IP-whitelist Organization ID method, simply use your Salesforce username, password and organizationId

This. If your IP address is whitelisted - you don't need the token. If it isn't - you NEED to generate the token. Period.

Original answer

I'm not familiar with that Python library but... Go to Salesforce -> Setup -> My personal infromation and check login history. if it contains stuff like "failed: security token required" then you're screwed and you will have to use the security token.

I'm not aware of any bypass that uses org id (I've connected via API from PHP, Java, C#... so I'd be very surprised if that Python library had some magical way to bypass it. You probably are used to passing a session id that assumes you're already authenticated and have a valid session.

Another option would be to check your IP and add it to trusted IP ranges (it's an option in the setup). It's useful when for example whole office has same static IP; less useful if you're working from home.

If that's also a no-go - you might want to look for libraries that use OAuth2 instead of regular SOAP API to authenticate.

Patinated answered 5/8, 2014 at 18:56 Comment(5)
I have read and tried things you have suggested. I don't have the link for login history and I reset my password and received no email from Salesforce. My question was specifically about logging in with the organization ID (see my question and code). It's not working and I was looking for help with that specifically.Glimp
Org id is useless for purposes of login via API. I have no idea what does this Python library uses it for, perhaps to try to figure out whether it should be login.salesforce.com or test.salesforce.com. But the SF APIs don't require you to pass it so it beats me why that lib's author thinks he needs it. If you navigate to your user's detail page and check related list (if your org uses Chatter you need to find "advanced user details") - you really don't see the login history there? Weird.Patinated
No I don't. Strange. Thanks for following up.Glimp
Can you check your Profile? Are you on standard System Administrator profile or on something custom? help.salesforce.com/HTViewHelpDoc?id=users_login_history.htmPatinated
The documentation isn't great, there is a lot of it, so its difficult to find what you need. Things are named inconsistently. Why is a client id in the oauth docs named a consumer key for example?Chappelka
H
3

Although this is kinda late, somebody searching for this very same issue may be helped as to what I did.

I struggled by adding the company ID as well, but the problem here is, unless you're a self-service user, the company ID can be blank. 

sf = Salesforce(password='password', username='email', organizationId='')

As other users mentioned, make sure you're using IP-White listing or it will not work.

Highbrow answered 5/1, 2016 at 22:45 Comment(2)
Oh my! Even when I have an organization ID in my sandbox I have to pass empty string. Why?!? Thanks a million;)Chaudfroid
Amazing! I have tried all kinds of things, it's been horrible and an empty string saved me! Thanks..Circumcise
O
1

A security token is an automatically generated key that you must add to the end of your password in order to log into Salesforce from an untrusted network. For example, if your password is mypassword, and your security token is XXXXXXXXXX, then you must enter mypasswordXXXXXXXXXX to log in. Security tokens are required whether you log in via the API or a desktop client such as Connect for Outlook, Connect Offline, Connect for Office, Connect for Lotus Notes, or the Data Loader.

To reset your security token:

  • At the top of any Salesforce page, click the down arrow next to your name. From the menu under your name, select Setup or My Settings—whichever one appears.
  • From the left pane, select one of the following:
    • If you clicked Setup, select My Personal Information | Reset My Security Token.
    • If you clicked My Settings, select Personal | Reset My Security Token.
  • Click the Reset Security Token button. The new security token is sent via email to the email address on your Salesforce user record.
Outspeak answered 8/8, 2014 at 0:8 Comment(4)
I don't have the rest security token option. I think my company disabled it. How can I log with sforce connector with the same password I use on the website?Glimp
user2242044 you cannot login without security token.Fluoride
Your company is probably restricting the IPs that can log in from. It is not possible to disable security tokens.Outspeak
If you have IP restrictions enabled you should use an empty string '' as the security token. Salesforce automatically accepts this as valid if you have IP restrictions enabled. Technically it means you only need username + password, but through simple-salesforce the "value" of the security token is required to be not None and the empty string satisfies that.Desdee
F
1

If you ip is whitelisted / trusted and you still get invalid login not using the token, You MUST include the security_token='' in the connection string for it to work.

sf = Salesforce(username='USERNAME', password='PASSWORD', security_token='')
Faunus answered 14/2, 2019 at 23:10 Comment(0)
F
0

A security token is required to login. Whenever your password is reset, your security token is also reset. If you do not have a token and cannot reset it. Try changing your password.

Thanks.

Fluoride answered 8/8, 2014 at 13:55 Comment(2)
How will resetting my password show me what the token is? Also as a follow up on my other question you responded to, how does sforce connector get a security token if when logging in I just type my password?Glimp
How will resetting my password show me what the token is? You will get an email with security token.Fluoride
C
0

I was able to test that this was working with my security token against a developer org with no issues. This was all done as a standard user with no administrator privileges. Using the OrgId just failed out.

By resetting my password I received a new security token.

username = login for your instance. password = your password

The code below should get you logged in.

from simple_salesforce import Salesforce

sf = Salesforce(username='username',password='password', security_token='whatever came in reset password')

Cavender answered 20/8, 2014 at 16:49 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.