Salesforce Automation & Security Changes: What Admins Need to Know

Salesforce is continuing a long-term platform cleanup focused on security, performance, and maintainability. Two major initiatives are happening in parallel:

  1. Deprecation of legacy automation tools

    • Workflow Rules

    • Process Builder

  2. Removal of Session IDs from Outbound Messages

These changes mainly affect very old Salesforce implementations that were built before modern standards like Flow, OAuth, and Named Credentials became best practice.

Workflow Rules & Process Builder Deprecation

Salesforce has officially announced that Workflow Rules and Process Builder are being retired in favor of Salesforce Flow.

What this means for older orgs:

  • Existing workflows and process builders will continue to run for now

  • Creation of new Workflow Rules and Process Builders is already restricted

  • Future platform changes will increasingly assume Flow-based automation

Very old implementations often used:

  • Workflow Rules triggering Outbound Messages

  • Process Builder invoking integrations indirectly

  • Session ID–based authentication patterns

These patterns are now considered legacy and insecure.

Removal of Session IDs from Outbound Messages

Salesforce has also announced that session IDs will no longer be included in Outbound Messages, starting February 16, 2026.

Key points:

  • The “Send Session ID” option will be removed

  • Outbound Messages will no longer contain session IDs

  • Salesforce recommends OAuth access tokens instead

This change directly impacts integrations that:

  • Depend on session IDs for authentication

  • Use Outbound Messages as a core integration mechanism

How This Affects Very Old Salesforce Implementations

If your org was implemented many years ago, you may still have:

  • Workflow Rules calling Outbound Messages

  • Process Builders triggering external systems

  • Integrations that expect a session ID to be passed automatically

These setups will eventually break or stop being supported and should be modernized.

Impact on Axy7 Currency Updater

Currency Updater is not affected by any of these changes.

Why:

  • The Outbound Message named “CallCurrencyUpdater” belongs to a deprecated integration path that Currency Updater stopped using in 2020

  • Current versions of the app use OAuth-based API calls

  • No business logic, scheduling, or authentication depends on:

    • Workflow Rules

    • Process Builder

    • Outbound Messages

    • Session IDs

Currency Updater already follows Salesforce’s modern security and automation standards.

Full technical explanation:
https://axy7.com/faq-items/impact-of-salesforce-removing-session-ids-from-outbound-messages/

Optional Cleanup for Admins

No action is required, but admins may choose to:

  • Disable “Send Session ID” on the old outbound message

  • Remove the outbound message entirely

This is safe and will not affect Currency Updater.

Summary for Salesforce Admins

  • Salesforce is retiring Workflow Rules and Process Builder

  • Session IDs will be removed from Outbound Messages in 2026

  • These changes mainly impact very old Salesforce implementations

  • Axy7 Currency Updater already uses modern, secure patterns

  • No upgrade or configuration change is required

If you want help reviewing legacy automation in your org, contact us at support@axy7.com.

Related Posts

Release Notes: Version v65.5 – Winter 26 – Free Edition
Gallery

Release Notes: Version v65.5 – Winter 26 – Free Edition

Currency Updater Free Edition
Introducing Axy7 Currency Updater for Salesforce – Free Edition
Gallery

Introducing Axy7 Currency Updater for Salesforce – Free Edition

The Day the Dollar Lied: Why Historical Exchange Rates Matter in Salesforce
Gallery

The Day the Dollar Lied: Why Historical Exchange Rates Matter in Salesforce