This blog describes how to prevent browser extensions such as Salesforce Inspector and Salesforce Organizer from accessing Salesforce data.
There are many tools available in the market today to ease the work of Salesforce admins and developers. Some of these tools run in the browsers they use, such as Chrome and Edge. These tools are called extensions, and they can be added from the browser's web store.

Some of the Salesforce extensions like Salesforce Inspector and Salesforce Organizer are widely used around the world. These extensions help to increase productivity by reducing the time taken for completing tasks considerably.
But these extensions also bring a major security risk to customer data. Some of them are from well-established organizations which follow all security measures and are safe to use. But some of the extensions are developed by anonymous individuals.
So there is no documentation of the security measures and protocols the developer followed when building these extensions. These extensions must be used securely to avoid a security threat to customer data.
In this blog we are going to see how to limit or block Salesforce access for browser extensions. We will concentrate on limiting access for one of the most widely used extensions, Salesforce Inspector.
Salesforce Inspector is one of the most widely used tools across regions. It is used to export and import data in Salesforce, with options to export to and import from Excel sheets (xls) and CSV files. As it has extensive access to Salesforce org data, limiting its access is important to keep the data secure.

Salesforce Inspector works by making calls to the standard Salesforce REST API to perform DML operations. The only way to restrict Inspector's access is to restrict the API calls it makes.
Unfortunately, there is no way to restrict API access for Salesforce Inspector alone. We must restrict all API access to the Salesforce org. This blocks all extension access as well as existing API calls made to Salesforce. But don't worry, access can be given to the necessary API calls from other systems by using connected apps, which will be discussed in detail in the next blog.
To block API access, we need an option in Setup named API Access Control. This setting will not be available in your org, because Salesforce does not enable it by default. We must make a request to Salesforce to enable this feature in the sandbox and production environments. My suggestion is to enable it in the sandbox first, implement and test completely, and then enable it in production.
Go to the Get Support page from the home screen.
Create a Salesforce support case.

Explain your need for the API access control feature.
Give them the sandbox details and they will enable the feature.
Once the feature is enabled, go to Setup and search for API.
You will see the API access control feature.

Click Edit and check "For admin-approved users, limit API access to only allowlisted connected apps".
If you don't want Visualforce pages to be affected by this restriction, check "Allow Visualforce pages to access APIs".
Once you have enabled this setting, it is time to test Salesforce Inspector's access.
Log in to your sandbox and click Salesforce Inspector.
Click Data Export, add a query and click Export.
You will see an error in Inspector stating: UNEXPECTED EXCEPTION: Unauthorized: This session is not valid for use with the REST API.
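The same test can be scripted so it is repeatable in the sandbox and later in production. The following is an added example, not part of the original blog or of Salesforce Inspector: it sends the kind of one-row REST query an extension would send with a user's session and checks for the error quoted above. The function names, the API version and the sample responses are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Message text taken from the error shown on this page.
BLOCKED_MESSAGE = "This session is not valid for use with the REST API"
API_VERSION = "v58.0"  # assumption: use any REST API version available in your org
# Constructed sample responses (not captured from a real org).
SAMPLE_BLOCKED = (401, json.dumps([{"message": BLOCKED_MESSAGE}]))
SAMPLE_ALLOWED = (200, json.dumps({"totalSize": 0, "done": True, "records": []}))


def http_get(url, session_id):
    """Send one GET with the session as a bearer token; return (status, body)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + session_id})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, err.read().decode("utf-8", "replace")


def classify(status, body):
    """Map a REST response to 'blocked', 'allowed' or 'inconclusive'."""
    if status == 200:
        return "allowed"  # the REST API accepted this session
    try:
        errors = json.loads(body)
    except ValueError:
        errors = []
    if not isinstance(errors, list):
        errors = [errors]
    messages = [e.get("message", "") for e in errors if isinstance(e, dict)]
    if status == 401 and any(BLOCKED_MESSAGE in m for m in messages):
        return "blocked"  # API access control rejected the session
    return "inconclusive"  # e.g. expired session or outage: retest, do not assume


def check_api_access(instance_url, session_id, fetch=http_get):
    """Run a one-row SOQL query over REST and classify the outcome."""
    query = urllib.parse.urlencode({"q": "SELECT Id FROM User LIMIT 1"})
    url = f"{instance_url.rstrip('/')}/services/data/{API_VERSION}/query?{query}"
    return classify(*fetch(url, session_id))


if __name__ == "__main__":
    # Offline demo using the constructed blocked response instead of a real org.
    print(check_api_access("https://example.my.salesforce.com", "SID",
                           fetch=lambda url, sid: SAMPLE_BLOCKED))
```

Treat "inconclusive" as a failed test run rather than as proof that the restriction works, since a 401 for any other reason looks similar at first glance.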

By implementing the above steps, you have successfully restricted access for all browser extensions as well as API calls made from external systems to Salesforce. In the next blog we will see in detail how to give only particular users and external systems access to Salesforce through API calls.