Home / Errors / INVALID_SESSION_ID
Runtime Error

INVALID_SESSION_ID

Salesforce rejected the request because the session ID used for authentication is invalid, expired, or malformed.

error

INVALID_SESSION_ID: Session expired or invalid

What does this error mean?

This error occurs when an API call or integration attempts to access Salesforce using a session ID that is no longer valid.

Salesforce sessions expire for security reasons or become invalid when authentication tokens are revoked.

Common Causes

1. Expired session token

Session IDs expire after inactivity or when the login session ends.

2. Incorrect OAuth token

The integration may be using an invalid or revoked access token.

3. Environment mismatch

Using a session ID from a sandbox in a production endpoint (or vice versa).

4. Session revoked by security policies

IP restrictions or session policies can invalidate sessions.

How to Fix It

Solution 1 — Re-authenticate

Log in again to generate a new session ID.

Solution 2 — Refresh OAuth token

HTTP 

POST /services/oauth2/token
grant_type=refresh_token
client_id=YOUR_CLIENT_ID
client_secret=YOUR_SECRET
refresh_token=YOUR_REFRESH_TOKEN

Solution 3 — Verify API endpoint

Ensure your request is sent to the correct Salesforce instance URL returned during login.

Solution 4 — Use Named Credentials

Named Credentials automatically handle authentication and token refresh.

lightbulb

Pro Tip: Always use OAuth or Named Credentials for integrations instead of hard-coding session IDs.