Notes on’s AppExchange Certification Process

Continuing with yesterday’s post on Getting the Most out of’s Dreamforce ’13 Conference, there’s another topic that I’ve received a number of questions about over the years: the AppExchange Certification process. takes their marketplace very seriously with a heavy focus on security and value. Most companies go through the process of getting on the AppExchange to have the social proof and marketing of an approved product as well to gain access to Professional edition customers (without certification, apps can’t access data unless the account is Enterprise edition or pays extra for API access).

Here are a few notes on’s AppExchange certification process:

  • Plan on it taking 3-4 months, so if it’s on the horizon, but isn’t immediate, go ahead and start it now
  • Run the app through several security testing programs, especially ones for cross-site scripting and SQL injection
  • Justify the value of the application and figure where it fits in the ecosystem as the reviewers reject a number of applications for not adding value
  • Know that even with a certified app, there’s often work to be done on the customer side to make the integration smooth (e.g. the one click installs add a variety of functionality but the user often has to change other security and permission settings to make things fully functional, so it isn’t as simple as installing an app on an iPhone)

The AppExchange certification process is more thorough than might be expected for a marketplace of over 1,000 apps. Plan accordingly for it and everything will go smoothly.

What else? What are some other notes on’s AppExchange certification process?

One thought on “Notes on’s AppExchange Certification Process

  1. Hi David – I was interested in your suggestion of using several security testing programs for cross-site scripting and SQL injection. Can you name the ones you use?

    Thanks, Megan Holbrook

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.