After Summer ’17, Salesforce disabled it while using in Lightning Domain to enforce the security measures.
Solution – Named Credential
Use Named Credential to get the session id.
- First, Create a connected app with oAuth, select refresh_token (at a min) for the oAuth scope.
- Second, Create an auth provider of the salesforce type. Give it the oauth consumer key and consumer secret that you got when you created the connected app.
- Finally, create a Named Credential using oauth, and your auth provider. When you save the named credential, it will prompt you to log in to a SF org.
Once you’ve logged in there, the refresh token is saved and used by the named credential. From there, you can make callouts to access data. Note whatever user you login as there is the user your api calls will run as.