Saturday, May 16, 2009

API access with no password expiration

When you create an API integration package, you may want to have it run by an account whose password never expires.

By default, applications that connect to Salesforce.com via the API require a username, a password and a security token. How would you set this up so that the credentials do not expire?

  1. Create a profile for your API user
    1. Ensure the API checkbox is checked.
    2. Ensure the Password Never Expires checkbox is checked.
    3. Set other security options required by your application.
  2. Create a user you will use for the API logins and assign it to this profile.
  3. The application should run on a computer in a trusted IP address range (it could be located inside your network, on a trusted ISP, or it may connect to the network using a VPN).
    1. Log in via the API from the computer where the application is installed.
    2. Check the IP address used here (Setup > Personal Setup > My Personal Information > Personal Information > Login History (Related List)).
    3. Ensure that IP address is in a range defined here (Setup > Administration Setup > Security Controls > Network Access > Trusted IP Range Edit).

By completing step 3, we avoid the use of a security token. This is still secure, because we are specifying the IP range of the computer where we know the application will always execute.
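An added example, not part of the original post: a Python check that the source IPs seen in the API user's login history fall inside the trusted ranges from step 3, and that no trusted range is wider than it needs to be. The addresses, the user name and the 64-address limit are constructed assumptions.

```python
import ipaddress

# Constructed sample data: trusted ranges as (start, end) pairs, and
# login history rows for the API user (all values are made up).
TRUSTED_RANGES = [("203.0.113.10", "203.0.113.20"),
                  ("198.51.100.0", "198.51.100.255")]
LOGIN_HISTORY = [
    {"user": "api.integration@example.com", "source_ip": "203.0.113.15"},
    {"user": "api.integration@example.com", "source_ip": "203.0.113.21"},
    {"user": "api.integration@example.com", "source_ip": "198.51.100.7"},
]
MAX_RANGE_SIZE = 64  # assumed policy limit on addresses per trusted range


def parse_ranges(pairs):
    """Convert (start, end) strings to address pairs; reject bad ranges."""
    ranges = []
    for start, end in pairs:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo.version != hi.version or int(lo) > int(hi):
            raise ValueError(f"invalid range {start} - {end}")
        ranges.append((lo, hi))
    return ranges


def is_trusted(ip, ranges):
    """True if ip lies inside at least one trusted range."""
    addr = ipaddress.ip_address(ip)
    return any(lo.version == addr.version and lo <= addr <= hi
               for lo, hi in ranges)


def untrusted_logins(history, ranges):
    """Logins from outside every trusted range (these need the token)."""
    return [row for row in history if not is_trusted(row["source_ip"], ranges)]


def oversized_ranges(ranges, limit=MAX_RANGE_SIZE):
    """Ranges that trust more addresses than the policy limit allows."""
    return [(str(lo), str(hi)) for lo, hi in ranges
            if int(hi) - int(lo) + 1 > limit]


if __name__ == "__main__":
    ranges = parse_ranges(TRUSTED_RANGES)
    for row in untrusted_logins(LOGIN_HISTORY, ranges):
        print("outside trusted ranges:", row["source_ip"])
    for lo, hi in oversized_ranges(ranges):
        print("range wider than policy:", lo, "-", hi)
```

A login reported as outside the trusted ranges means the application would need the security token from that address; a range reported as oversized trusts more hosts than the one machine the integration runs on.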
