I've been using about 10 different Salesforce REST API v51.0 for a few months now and this morning they started to throw a 401 error.
I can log in to the server just fine, but cannot call any API's.
Any suggestions?
Hi @Scott Trick
,
A sudden 401 Unauthorized on all REST API calls usually means an authentication or access change, not an API outage.
Here are the most common things to check:
1. Connected App / OAuth token invalidated
Salesforce can invalidate tokens if:
- The Connected App was modified (policies, scopes, IP relaxation)
- OAuth refresh tokens were revoked
- The user’s password was reset (this invalidates existing tokens)
Try re-authenticating and generating a new access token.
2. IP Relaxation or Network changes
If your Connected App is set to:
- “Enforce IP Relaxation” and the calling server’s IP changed, Salesforce will return 401.
Verify:
- Connected App → OAuth Policies
- Trusted IP ranges (Org + Connected App)
3. User permissions or status
Check the API user:
- Still Active
- Still has API Enabled permission
- Profile / Permission Set wasn’t changed
- License not downgraded or expired
Even if UI login works, missing API Enabled causes 401 for REST calls.
4. Token expiration handling
Access tokens expire.
If your integration isn’t correctly using the refresh token flow, API calls will suddenly fail.
Confirm your integration:
- Refreshes tokens automatically
- Uses the correct OAuth grant type
5. My Domain or Login URL change
If your org enforced My Domain login:
- Old login.salesforce.com tokens may stop working
- You must authenticate via the My Domain URL
