Notes on Salesforce.com’s AppExchange Certification Process

Continuing with yesterday’s post on Getting the Most out of Salesforce.com’s Dreamforce ’13 Conference, there’s another Salesforce.com topic that I’ve received a number of questions about over the years: the AppExchange Certification process. Salesforce.com takes their marketplace very seriously with a heavy focus on security and value. Most companies go through the process of getting on the AppExchange to have the social proof and marketing of an approved Salesforce.com product as well to gain access to Professional edition customers (without certification, apps can’t access Salesforce.com data unless the Salesforce.com account is Enterprise edition or pays extra for API access).

Here are a few notes on Salesforce.com’s AppExchange certification process:

  • Plan on it taking 3-4 months, so if it’s on the horizon, but isn’t immediate, go ahead and start it now
  • Run the app through several security testing programs, especially ones for cross-site scripting and SQL injection
  • Justify the value of the application and figure where it fits in the Salesforce.com ecosystem as the reviewers reject a number of applications for not adding value
  • Know that even with a certified app, there’s often work to be done on the Salesforce.com customer side to make the integration smooth (e.g. the one click installs add a variety of functionality but the Salesforce.com user often has to change other security and permission settings to make things fully functional, so it isn’t as simple as installing an app on an iPhone)

The Salesforce.com AppExchange certification process is more thorough than might be expected for a marketplace of over 1,000 apps. Plan accordingly for it and everything will go smoothly.

What else? What are some other notes on Salesforce.com’s AppExchange certification process?

One thought on “Notes on Salesforce.com’s AppExchange Certification Process

  1. Hi David – I was interested in your suggestion of using several security testing programs for cross-site scripting and SQL injection. Can you name the ones you use?

    Thanks, Megan Holbrook

Leave a Reply to Megan Holbrook Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.