Salesforce “Use Any API Client” Permission Changes: Sisense Impact & Migration Guide
Overview
This document provides:
- Verification of Sisense compatibility with the Salesforce change
- A validated, step-by-step migration path
- Guidance for customers currently using the deprecated permission
Impact Assessment
Sisense provides a built-in Salesforce connector that authenticates using a Salesforce username, password, and security token. See Connecting to Salesforce.
To assess the impact of the deprecation, Sisense has validated the full connection lifecycle with the “Use Any API Client” permission disabled in Salesforce.
Validation Results:
✔ Sisense connections to Salesforce continue to work without the “Use Any API Client” permission.
✔ Creating new connections, building data models, and loading dashboards all work as expected.
✔ No code changes to the Sisense Salesforce connector are required.
This means that customers can continue using the Sisense Salesforce connector after removing the deprecated permission, provided they switch to a user configured under the supported authentication flow.
Confirmed Supported Authentication Flow (Without “Use Any API Client”)
Sisense validated the following end-to-end process using a Salesforce user without the deprecated permission:
- Create a new Salesforce user.
- Set the password either through the user invitation or via admin-initiated password reset.
- Generate a Security Token:
  - Admin selects Refresh Security Token
  - Token is delivered to the user’s email
- Create a new Sisense Salesforce connection:
  - Connection Type: Salesforce > Basic
  - Username: Salesforce user’s email
  - Password: The user’s password
  - Security Token: Token received by email
- Verify the connection:
  - Sisense connection test succeeds
  - Data model builds successfully
  - Dashboard based on the model renders correctly
This confirms that the Sisense connector relies only on standard username–password–token authentication, which remains fully supported by Salesforce.
Identifying Users Assigned the Deprecated Permission
Customers who want to remove the deprecated permission must first identify where it is applied. Salesforce provides SOQL queries for each case. See the Salesforce help article.
- Explicit Users with “Use Any API Client” assigned

    SELECT AssigneeId, Assignee.Id, Assignee.Username
    FROM PermissionSetAssignment
    WHERE PermissionSet.PermissionsUseAnyApiClient = true

- Profiles with “Use Any API Client” assigned

    SELECT Id, Name
    FROM Profile
    WHERE PermissionsUseAnyApiClient = true

- Permission Sets with “Use Any API Client” assigned

    SELECT Id, Name
    FROM PermissionSet
    WHERE PermissionsUseAnyApiClient = true

Customers should run these queries to determine which users, including the user Sisense is currently using, are assigned the deprecated permission.
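To choose between the migration options, it helps to know which profile or permission set grants the permission to the Sisense user. The Python sketch below is an added example, not Sisense or Salesforce code: it processes the JSON response to an extended form of the first query and lists the grant sources per user. The extra `PermissionSet` fields in the query, the usernames, and the sample response are assumptions constructed for illustration.

```python
import json

# Extended form of the page's first query (an assumption of this example):
# adds the granting permission set and, when it is profile-owned, the profile.
SOQL = (
    "SELECT Assignee.Username, PermissionSet.Name, "
    "PermissionSet.IsOwnedByProfile, PermissionSet.Profile.Name "
    "FROM PermissionSetAssignment "
    "WHERE PermissionSet.PermissionsUseAnyApiClient = true"
)

# Constructed sample of a query response for SOQL above (not real data).
SAMPLE = json.loads("""
{"totalSize": 3, "done": true, "records": [
 {"Assignee": {"Username": "sisense.svc@example.com"},
  "PermissionSet": {"Name": "API_Integration", "IsOwnedByProfile": false, "Profile": null}},
 {"Assignee": {"Username": "sisense.svc@example.com"},
  "PermissionSet": {"Name": "X00eXX_profile_owned", "IsOwnedByProfile": true,
                    "Profile": {"Name": "Integration Profile"}}},
 {"Assignee": {"Username": "etl.user@example.com"},
  "PermissionSet": {"Name": "API_Integration", "IsOwnedByProfile": false, "Profile": null}}
]}
""")

def grants_by_user(response):
    """Map username -> sorted list of 'profile:<name>' / 'permset:<name>' grants."""
    if not response.get("done", False):
        # More pages remain; a partial list would hide affected users.
        raise ValueError("incomplete result set: fetch remaining pages first")
    grants = {}
    for rec in response["records"]:
        ps = rec["PermissionSet"]
        if ps["IsOwnedByProfile"]:
            source = "profile:" + ps["Profile"]["Name"]
        else:
            source = "permset:" + ps["Name"]
        # Normalise case so the lookup does not miss on capitalisation.
        grants.setdefault(rec["Assignee"]["Username"].lower(), set()).add(source)
    return {user: sorted(sources) for user, sources in grants.items()}

def check_integration_user(response, username):
    """Return every grant that gives `username` the deprecated permission."""
    return grants_by_user(response).get(username.lower(), [])

if __name__ == "__main__":
    for user, sources in grants_by_user(SAMPLE).items():
        print(user, "->", ", ".join(sources))
```

An empty list for the Sisense connection user means that user no longer holds the permission through any profile or permission set.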
Migration Path for Existing Sisense Customers
This section applies to customers who:
- Have Sisense connections or data models using Salesforce
- Have the “Use Any API Client” permission enabled on the Salesforce user
After running the SOQL queries above to identify which Salesforce users have the permission, transition to a configuration that does not require the deprecated permission.
The following options are supported:
Create a New Dedicated Salesforce Integration User (recommended)
- Create a new Salesforce user without the deprecated permission.
- Set password and refresh security token.
- In Sisense:
  - Create a new test Salesforce connection using this user.
  - Validate the connection - build a test data model.
- Once confirmed working:
  - Update existing Salesforce connections in Sisense to use the new user
  OR
  - Delete the legacy connection and replace it with the new one
This option avoids modifying existing permissions that may impact other integrations.
Remove the Deprecated Permission from the Existing User
Warning:
This option may cause unintended consequences, such as breaking changes, depending on what else uses that Salesforce user.
Ways to remove the deprecated permission from the existing user:
- Remove “Use Any API Client” from the permission set assigned to the user
- Modify the permission set assigned to the SFDC user used for the Sisense connection to remove the permission
- Create a new equivalent permission set without the deprecated permission and assign it to the SFDC user used for the Sisense connection, replacing the old one
Validate all integrations dependent on that user before making this change.