I’ve seen a lot of FUD around the new MFA requirements from Salesforce. Understandable, given there are many people tasked with managing this who do not have experience in managing it.
One common question is around API integrations and how to do MFA. While this can (and in some situations, should) be done, it is not required.
From Salesforce Multi-Factor Authentication FAQ:
Publish Date: Dec 13, 2021
How will Salesforce exclude MFA-exempt user types from auto-enablement and enforcement?
There are several user types, including API/integration, automated testing, and RPA accounts, that aren’t required to use MFA. We’re currently working on plans for how customers can exclude these types of users from future auto-enablement and enforcement milestones. We’ll update this FAQ and your products’ documentation when more information is available.
So, in conclusion just set it up with a Salesforce Platform User License, generate a token for that user, then use the APIs to login or login with username and Password+security token, depending on the application.
Scott S Nelson
© Scott S. Nelson