Contact
Privacy
Legal Notice - Impressum
Career
News
The Salesforce Summer '26 release introduces API version 67.0, along with a significant shift in Apex security defaults, a broad retirement of legacy API versions, and expanded support for AI-driven integration patterns.
The Apex security model changes in API version 67.0 represent one of the most impactful behavioral shifts in recent releases. Integration teams should plan for the retirement of older API versions and validate existing code against the new defaults.
Salesforce has announced the deprecation and retirement of Platform API versions 31.0 through 40.0, affecting Bulk API, SOAP API, and all REST APIs beneath /services/data/vXX.X/. After deprecation in Summer ’27, these versions will no longer receive security updates or bug fixes. Full retirement follows in Summer ’28, at which point calls to versions 31.0 through 40.0 will fail. All integrations must be on API version 41.0 or later to remain operational.
The SOAP API login() call in versions 31.0 through 64.0 will be retired in Summer ’27. After retirement, applications relying on these versions will receive an error indicating the endpoint has been deactivated. Customers and partners must migrate to External Client Apps before enforcement. A test run in Setup helps identify impacted integrations early.
API version 67.0 introduces a secure-by-default paradigm that changes three areas of Apex behavior.
with sharing mode. Previously, omitted declarations defaulted to without sharing. WITH SECURITY_ENFORCED SOQL clause is removed in API version 67.0 and later. Developers must replace it with WITH USER_MODE, which supports polymorphic fields and returns the full set of access errors. The release update requiring API traffic to use an org’s My Domain login URL instead of instance-based endpoints has been postponed from Spring ’26 to Winter ’27. Testing is available in Setup after June 18, 2026.
Summer ’26 introduces platform-level enhancements that expand authentication options and lay groundwork for AI-driven integrations.
Salesforce-hosted Model Context Protocol (MCP) servers are now generally available. Any MCP-compatible AI client can connect to a Salesforce org using standard OAuth authentication, accessing sObject operations, Data 360 queries, Tableau analytics, and product APIs. Custom tools can be built from existing Apex actions, flows, and named queries without writing integration code.
The Named Query API allows developers to define and expose custom SOQL queries as scalable actions for REST API clients and AI agents, with better retrieval performance than equivalent Flow or Apex-based processes.
SOAP API now accepts JWT-based access tokens from Salesforce OAuth flows, bringing authentication parity with the REST API. A new Any API Auth permission lets administrators control which users can authenticate using SOAP API login(), enforced by default in newly created orgs.
GraphQL API adds two field reference patterns for mutation chaining: @{ref.Record.Id} for record ID references and @{ref.Record.FieldName.value} for field references, making multi-object creation in a single request more practical.
A new SET OPTIONS clause in SOQL lets developers specify Data 360 dataspaces and control how NULL and empty string values are handled when querying Data 360 data lake objects.
The Developer Preview Apex integration tests support real callouts to Data 360, enabling validation of live query behavior without mocked callouts.
Connect REST API calls now count against a single shared org-wide limit, refreshed every 24 hours, replacing the previous per user, per application, per hour ceiling. The practical effect is more predictable capacity for integrations that involve multiple users or applications. The one exception is requests that touch Chatter functionality, which remain on the older rate limit model.
Salesforce to Salesforce is a native feature that allows two Salesforce orgs to share records directly without a middleware layer. Salesforce is retiring it in two stages. Summer '26 ends active support, no new orgs can enable it and no fixes or updates will be delivered. Spring '27 is when the feature stops functioning entirely, at which point any org-to-org connection built on it will break.
Integrations must move to one of four supported alternatives before Spring '27: Partner Cloud or Data Cloud One for native Salesforce org-to-org data sharing, MuleSoft Anypoint for full integration platform capability, or MuleSoft for Flow for teams that prefer a flow-based approach without dedicated integration developers.
The Toolkit API for Salesforce Voice provides APIs, methods, and events to build and customize voice-enabled LWC or Aura components, covering call actions, telephony lifecycle events, and real-time call data. Now fully supported on Agentforce Contact Center in addition to existing telephony models.
Two new Unified Routing capabilities extend Salesforce Voice with Partner Telephony. The Route Voice Call API transfers active calls to Omni-Channel flows for intelligent routing. The Request Callback API allows customers to request a callback instead of waiting on hold.
A new server-side endpoint allows agent work items in Bring Your Own Channel to be closed programmatically via PATCH /api/v1/agentWork in the Interaction Service API, ending active Messaging sessions or skipping After Conversation Work. Previously, closing agent work required client-side mechanisms only.
Marketing Cloud Engagement adds hosted MCP server support, rolling out from July 2026. Any MCP-compatible AI application can connect to Marketing Cloud Engagement and use core API capabilities as tools that AI agents can call to automate marketing operations.
MuleSoft introduces API Catalog for Salesforce, a centralized hub for managing APIs and MCP servers from sources including MuleSoft, Heroku, and Apex. Teams can create connections, activate actions for Salesforce automations, and manage Salesforce MCP servers. MuleSoft MCP servers can also be synced directly for use in Agentforce.
Revenue Management carries the most extensive Connect REST API changes in Summer ’26, spanning product catalog, pricing, billing, and contracts.
New Connect REST API endpoints in Product Catalog Management allow developers to retrieve and search product classification IDs and add product variants to a quote or order. In Product Discovery, a new resource executes configuration rules and returns constraint messages in the API response, enabling real-time validation during the discovery phase.
The Create Standalone Billing Schedules API now accepts simplified, intent-based payloads for amendments, renewals, and cancellations, with Billing computing missing field values from historical context automatically. A new Usage Management endpoint activates usage products and all related records in a single API request. Changed Connect REST APIs also cover Salesforce Pricing, Product Configurator, Transaction Management, Advanced Approvals, Dynamic Revenue Orchestrator, and Salesforce Contracts.
with sharing, and removes WITH SECURITY_ENFORCED. Any Apex code relying on previous defaults requires review before upgrading. For full details, consult the official Summer '26 Release Notes (API v67.0) on Salesforce Help.
To explore related topics and stay current with Salesforce developments, the following resources provide additional context and practical insight: