API_DISABLED_FOR_ORG: API is not enabled for this Organization or Partner
The org's edition or the user's profile doesn't include API access. Most often this is a Professional Edition org without the API add-on, or a profile (typically Standard User) where "API Enabled" was unchecked.
Also seen asAPI_DISABLED_FOR_ORG·API is not enabled for this Organization·API_DISABLED_FOR_ORG: API is not enabled
A two-line check usually solves this. Salesforce gates API access at two levels — the org edition and the individual user's profile.
Level 1: edition
API access is included in:
- Enterprise Edition, Unlimited Edition, Performance Edition, Developer Edition
- Specific industry clouds (Health Cloud, Financial Services Cloud) at their licensed editions
- Professional Edition with the API Access add-on purchased
API access is not included by default in:
- Professional Edition (without the add-on)
- Essentials Edition
- Group Edition
If the org is one of those, the only fix is purchasing API access from your Salesforce AE. There's no toggle.
Level 2: profile permission
Even on an API-enabled org, individual users need the API Enabled permission. In Setup → Profiles → the user's profile → System Permissions, look for API Enabled.
For users on the Standard User profile, this permission is on by default. For the Solution Manager, Marketing User, Contract Manager, and most read-only / minimal-access profiles, it's off. Either:
- Add the user to a permission set that grants
API Enabled(preferred — keeps the profile minimal). - Switch the user's profile to one that has it.
- Edit the profile to enable it (least preferred — modifies a shared profile that may apply to many users).
When the user is a Customer Community user
Community users have a separate quirk: even with API Enabled on the profile, API access is restricted unless the Customer Community Login or Customer Community Plus Login license includes the API access bit. If you bought a starter Community license, API calls from those users will fail with this error regardless of profile.
Diagnosis in 30 seconds
# Try the lightest possible API call from your integration:
sf data query --query "SELECT Id FROM User WHERE Id = '$USER_ID'" --target-org PROD
If that fails with API_DISABLED_FOR_ORG, the user can't make API calls at all. If it succeeds but a heavier call fails, the issue isn't this — look at scoped permissions or specific endpoints (Bulk API, Streaming API may have their own enable flags).
A subtler version: apiActive on User
The User.apiActive field can be flipped off for a user even if their profile has API Enabled. It's used to throttle abusive integrations. If you see this error for a user who should have access, query their User record:
SELECT Id, IsActive, ApiActiveCount, ApiCallsForLastHour FROM User WHERE Id = ...
If IsActive = false, the account itself is deactivated. If ApiCallsForLastHour is at the cap, you're being rate-limited and the next hour will release you.