The API Report CardAPI Index
Salesforce

Salesforce API

Enterprise CRM Platform (Sales, Service, Marketing, Data Cloud, Agentforce) · salesforce.com

Salesforce exposes one of the largest API surfaces in software: REST, SOAP, Bulk, Streaming, Pub/Sub, GraphQL, and Metadata. Production access needs Enterprise Edition or a paid add-on on Professional, plus daily call caps. Three releases a year and version retirements demand upkeep.

Last verified: July 2026Marketing & Sales
API GRADE
A
VERIFIED JUL 2026

SCORECARD

ExistenceGOODREST, SOAP, Bulk 2.0, Streaming, Pub/Sub, GraphQL, Metadata, and Tooling APIs, currently at v67.0.
AccessGOODEnterprise Edition and above includes API access; Professional needs a paid add-on. Daily caps scale with licenses.
CoverageGOODSObject CRUD, SOQL and SOSL query, composite batching, and high-volume Bulk ingest and export.
AuthGOODOAuth 2.0 via Connected Apps: Web Server, JWT Bearer, and Client Credentials flows for server work.
Docs & DXGOODEvery API family is documented at developer.salesforce.com, with SFDX and CLI tooling for CI/CD.
StabilityGOODThree releases a year with versioned APIs; old versions retire on multi-release runways, so migrations recur.
MORE FROM THE REPORT CARD
Supergood: Salesforce shipped a real API. Most vendors don't; we ship near-native APIs for the rest.

Frequently asked questions

Salesforce scores A on the API Report Card. Salesforce exposes one of the largest API surfaces in software: REST, SOAP, Bulk, Streaming, Pub/Sub, GraphQL, and Metadata. Production access needs Enterprise Edition or a paid add-on on Professional, plus daily call caps. Three releases a year and version retirements demand upkeep.

Tried to integrate with Salesforce?
SOURCES
Daily API request limits, 24-hour caps based on edition + licenses; high-volume integrators routinely hit the ceiling and have to buy additional API call packs from Salesforce. developer.salesforce.com
Governor limits, per-transaction caps on SOQL queries (100), DML statements (150), DML rows (10,000), CPU time, heap size, and callouts apply to every Apex execution including triggers fired by Bulk API. Architecting around governor limits is a foundational Salesforce engineering skill. developer.salesforce.com
Eleven+ overlapping API families (REST, SOAP, Bulk, Streaming, Pub/Sub, GraphQL, Composite, Connect, UI, Metadata, Tooling) each with their own auth nuances, payload shapes, and rate-limit semantics, integrators routinely need three or four to do common jobs. sfdcdevelopers.com
Three releases per year (Spring/Summer/Winter) cause version drift, orgs run different API versions across sandboxes and production; behavior changes subtly between versions on the same SObject. developer.salesforce.com
Older API versions are periodically retired (notably v21.0-v30.0 retired in 2022, with v31-v64 SOAP login deprecation now scheduled through Summer '27), long-lived integrations silently break. doug-merrett.medium.com
OAuth Device Flow was eliminated entirely in September 2025 with no exceptions or extensions, integrations relying on it broke overnight. concret.io
'Allow any API Client' permission was deprecated in November 2025, breaking legacy SOAP API access patterns. doug-merrett.medium.com
Streaming/CDC delivery guarantees and replay-id semantics are subtle and have historically caused missed events for downstream consumers, Pub/Sub API was introduced partly to address this but adds gRPC complexity. developer.salesforce.com
Bulk API 2.0 job-state polling and chunk-failure handling require defensive job orchestration, silent partial failures are common. developer.salesforce.com
Metadata/Tooling API behavior differs from REST in style (XML payloads, deployment lifecycle, namespace handling) and is poorly suited to runtime data flows, a constant source of CI/CD friction. developer.salesforce.com
Sandbox-to-production parity is imperfect, integrations that pass in a sandbox can hit org-specific governor or sharing-rule edges in production. salesforceben.com
Per-product API surfaces (Pardot/MCAE v5, Marketing Cloud, Commerce Cloud SCAPI/OCAPI, Industries OmniStudio) are not unified with core REST, auth, base domains, headers, and pagination differ per product, forcing dual/triple-API integrations. developer.salesforce.com
API breaches frequently go undetected because malicious traffic looks like 'normal' usage to native logging; Event Monitoring and Shield are required (and separately licensed) to get per-call detail. salesforceben.com
Daily limit error responses (REQUEST_LIMIT_EXCEEDED, code 122 on Pardot, error code 66 on concurrent Pardot connections) halt all further calls until reset, there is no native backoff/queue at the platform level. developer.salesforce.com
Total cost of ownership is the #1 complaint, list prices ($25-$550/user/mo) are only the floor, real deployments add Sandbox, Data Cloud rows, API call packs, Agentforce conversations ($2/conv list), Service Cloud Voice minutes, Field Service licenses, Tableau seats, MuleSoft, and Slack on top. Salesforce raised most Enterprise and Unlimited Edition prices by 6% in August 2025. saascrmreview.com
Implementation and admin complexity, even moderate customization typically requires certified admins, Apex/LWC developers, and often a consulting partner; reviewers consistently flag the 'complexity tax' on G2, TrustRadius, and Capterra. capterra.com
Steep learning curve for end users, sales reps routinely complain about mandatory data-entry fields that don't drive value and about 'two weeks of training and still missing the wonderful things'. g2.com
Slow Lightning UI performance with heavy customization and many open console tabs, a perennial reviewer complaint. g2.com
Three releases per year (Spring/Summer/Winter) introduce frequent behavior changes, deprecations, and required migrations, orgs constantly running sandbox regressions. help.salesforce.com
Pricing transparency, list prices systematically understate true cost; published list prices apply only to Enterprise and above, with Professional and lower requiring sales conversations. method.me
Switching cost / migration friction, most-cited reason customers move to HubSpot is 25-40% lower TCO, faster implementation, higher adoption, but the data-model lock-in (custom objects, Apex, Flows, integrations) makes migration a multi-quarter project. sybill.ai
Apex/LWC developer shortage, Salesforce-certified engineers are scarce and expensive, creating bottlenecks for any non-trivial customization. capterra.com
Data Cloud row pricing and Agentforce per-conversation pricing add usage-based unpredictability on top of seat-based licensing, complicating budgeting. vantagepoint.io
'Sanctioned platform, unsanctioned usage', Salesforce drift, misconfigurations, unmanaged Connected Apps, and shadow integrations have become a major enterprise governance problem; security teams cannot see what is happening inside the org. scworld.com
Salesforce-related API breaches frequently go undetected because malicious API traffic looks like 'normal' usage to native logging. salesforceben.com