Genesys Cloud - Developer Community!

Greetings, our Salesforce team announced that the OAuth 2.0 username-password flow grant will no longer be supported in their Winter '27 release, which is later this year. 

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_username_password_flow_retirement.htm&release=260&type=5

The current Salesforce Integration used for data actions utilizes this Auth flow.

Add a data actions integration - Genesys Cloud Resource Center

How can our org best prepare for this retirement? Do we need to create a Web Services integration for Salesforce, or will the existing data action integration be updated to use alternative auth credentials?

Hi Meg,

This is a very important topic, and many customers using Genesys Cloud Data Actions with Salesforce will likely need to revisit their integration architecture before the Salesforce Winter '27 retirement of the OAuth username-password flow.

Current situation

You are correct:

• the native Salesforce Data Actions integration currently relies on the OAuth username-password grant flow
• and Salesforce has announced retirement of that authentication method

What to expect

As of today, I have not seen official confirmation yet on whether Genesys will:

• update the native Salesforce integration to support another OAuth flow
  or
• deprecate/replace the current approach

So I would strongly recommend planning proactively instead of waiting for the platform change.

Recommended preparation strategy

The safest long-term architecture is likely:

• Web Services Data Actions
• plus middleware/API layer
• authenticated through Salesforce Connected App / External Client App

using modern OAuth patterns such as:

• JWT Bearer Flow
• Client Credentials Flow

Why this is the safer direction

It gives you:

• independence from the native connector auth model
• centralized token lifecycle management
• better security posture
• easier future Salesforce auth changes

Typical production pattern

Genesys Data Action
→ Middleware/API Gateway
→ Salesforce Connected App
→ Salesforce APIs

This also avoids embedding:

• usernames
• passwords
• security tokens

inside the integration configuration.

My recommendation

I would start:

1. Inventorying all current Salesforce Data Actions
2. Identifying dependencies on the native Salesforce integration
3. Evaluating migration to:
   • Web Services Data Actions
   • middleware-based OAuth architecture

especially for critical production integrations.

At the moment, that appears to be the most future-proof approach until Genesys publishes an official migration/update strategy for the native Salesforce integration.

Greetings, our Salesforce team announced that the OAuth 2.0 username-password flow grant will no longer be supported in their Winter '27 release, which is later this year. 

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_username_password_flow_retirement.htm&release=260&type=5

The current Salesforce Integration used for data actions utilizes this Auth flow.

Add a data actions integration - Genesys Cloud Resource Center

How can our org best prepare for this retirement? Do we need to create a Web Services integration for Salesforce, or will the existing data action integration be updated to use alternative auth credentials?

Thank you for the thorough response, Gabriel! We will start exploring those other solutions you provided.

Hi Meg,

This is a very important topic, and many customers using Genesys Cloud Data Actions with Salesforce will likely need to revisit their integration architecture before the Salesforce Winter '27 retirement of the OAuth username-password flow.

Current situation

You are correct:

• the native Salesforce Data Actions integration currently relies on the OAuth username-password grant flow
• and Salesforce has announced retirement of that authentication method

What to expect

As of today, I have not seen official confirmation yet on whether Genesys will:

• update the native Salesforce integration to support another OAuth flow
  or
• deprecate/replace the current approach

So I would strongly recommend planning proactively instead of waiting for the platform change.

Recommended preparation strategy

The safest long-term architecture is likely:

• Web Services Data Actions
• plus middleware/API layer
• authenticated through Salesforce Connected App / External Client App

using modern OAuth patterns such as:

• JWT Bearer Flow
• Client Credentials Flow

Why this is the safer direction

It gives you:

• independence from the native connector auth model
• centralized token lifecycle management
• better security posture
• easier future Salesforce auth changes

Typical production pattern

Genesys Data Action
→ Middleware/API Gateway
→ Salesforce Connected App
→ Salesforce APIs

This also avoids embedding:

• usernames
• passwords
• security tokens

inside the integration configuration.

My recommendation

I would start:

1. Inventorying all current Salesforce Data Actions
2. Identifying dependencies on the native Salesforce integration
3. Evaluating migration to:
   • Web Services Data Actions
   • middleware-based OAuth architecture

especially for critical production integrations.

At the moment, that appears to be the most future-proof approach until Genesys publishes an official migration/update strategy for the native Salesforce integration.

Greetings, our Salesforce team announced that the OAuth 2.0 username-password flow grant will no longer be supported in their Winter '27 release, which is later this year. 

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_username_password_flow_retirement.htm&release=260&type=5

The current Salesforce Integration used for data actions utilizes this Auth flow.

Add a data actions integration - Genesys Cloud Resource Center

How can our org best prepare for this retirement? Do we need to create a Web Services integration for Salesforce, or will the existing data action integration be updated to use alternative auth credentials?