What is AppExchange?
The AppExchange is the world’s first on-demand application-sharing service. It provides a way to browse, test drive, share and install applications developed on Salesforce’s on-demand AppExchange platform. Partners, developers, and anyone else who chooses to participate can offer their Apps on the AppExchange directory. This directory gives Salesforce users an easy way to find and install applications to expand their use of the AppExchange platform to new areas of customer relationship management (CRM) and beyond.
Register as a Salesforce.com Partner
To do this, go to http://www.salesforce.com/partners/join/ and fill the form. You’ll receive by email a login to the Salesforce.com Partner Portal, which allows you to do all sorts of necessary things in the Partner lifecycle, like creating special org’s, logging partner support cases, and getting access to special training materials, etc.
Install License Management App
If you’ll be publishing apps on the AppExchange, install the free License Management App (LMA) app. With the LMA, you can automatically receive notification every time your package (app) is installed or uninstalled, thus letting you track users and easily notify them of any upgrades you publish.
Publishing an App on AppExchange
To make your app or consulting service available on the AppExchange, you must create a listing:
- Log into your AppExchange Publishing Organization (APO) or the organization you will designate as your APO once you log in.
- Create a provider profile.
- Create a new listing.
- If your listing is an app instead of a service, submit the app’s package for security review.
- After your app is approved, click Make Public to make your listing available to the AppExchange community. Public consulting services do not need a review.
Once you are signed up as a partner, create an AppExchange Publishing Org (APO). In the Partner Portal, you’ll see a big button at the top of the screen labeled, “Create A Test Org.” For org type, select “Partner Developer Org.” You will receive new credentials by email. Be sure to login and set your password before proceeding. Note that the system will pick a username for you. If you don’t like it, feel free to change it. The purpose of this org is to help you publish listings on AppExchange.
AppExchange Publishing Organizations operate on a hub and spoke model. The APO is the hub. It contains all of the information about your company but doesn’t contain any information about your apps. Apps should always be developed in an org other than your APO. When you are ready to publish an app, simply click on the “Your Organizations” link and add the developer edition where you package your app to your APO. Once you connect the org’s, you will be able to see information from your spoke org’s in your hub APO org.
Create a Provider Profile
Creating an AppExchange provider profile will allow you to list and publish your AppExchange App. People browsing your listings see the profile information on the Provider tab. You can also create a provider profile for your linked organizations although this profile will not be public. To create your AppExchange profile, log into your Partner Dev Org and click on the link provided on the detail page of your latest package; then click on the Start Publishing button to create your AppExchange provider profile.
Create a new Listing
Listings are the primary marketing tool for promoting your app or consulting service on the AppExchange. The more information you add to your listing, the more likely it is that users can find it.
Once you have an AppExchange Provider Profile, you can go to the Publishing tab, where you can create a new listing. A new listing is always private until the app passes the security review. While private, your app has a link on the AppExchange (which you can send to potential users), but it is not listed publicly and does not show up in searches.
To create a listing on the AppExchange, you must log in to the publishing console of the site. If you are both the developer of an app and the person responsible for creating the listing content (aka the publisher), you can start your listing by simply logging into the AppExchange with your developer edition credentials. Alternatively, if these roles are delegated, both the developer and the listing publisher can work on the app and listing in parallel, log into the publishing console with their respective credentials, and then link the two together.
Before Salesforce approves any listings, the app must undergo tests from their security review team. From the Offering tab, we can submit the package associated with the listing to AppExchange for approvals. An email is automatically generated and sent to the submitter asking for a Checkmarx security test and questionnaire to be completed. These include some general questions about the app if there are Apex classes and Visualforce components, etc. If the app fails the first round, don’t worry; go back and fix the problems that are noted by the Checkmarx test or from the AppExchange team.
The security review process follows these steps.
1) Prepare for the security review.
- Read the security guidelines in this chapter.
- Review the free resources listed on our Secure Cloud Development site.
- Check out the Security Review Hub in the Partner Community for preparation tips.
- Review the Requirements Checklist.
- Review the OWASP Top Ten Checklist.
- Run a free self-service source code analysis against code developed on the Force.com platform:
- Run a free web application scan against your external web-application that is integrated with Force.com.
- Manually test your app to ensure it meets review requirements not found by tools
- Fix any issues found during testing.
2) Initiate the security review.
- Log in to the AppExchange using the credentials for your APO.
- Click your name in the upper right corner and from the drop-down menu, select Publishing Console.
- If your app contains a managed package, click Start Review next to the package version that you want to submit.
- If your app uses the Salesforce API and does not contain a managed package, complete these steps.
– Click the Offering tab in your private listing.
– Select Your application is not a package and only uses the Salesforce API.
– Click Start Review.
- For each application, you’ll complete a security checklist and questionnaire. Provide the review team with a fully configured test environment that includes access information, login credentials, and all required automated scans.
- Pay the annual listing fee (for a paid app) and a one-time security review fee.
If your app is due for a subsequent security review, log a case in the Partner Community.
3) Review the results
There are three possible outcomes.
- Approved: You will immediately be allowed to list your application on the AppExchange. You might be provided an API token to access Professional Edition accounts. For more information on the Partner Program, including eligibility requirements, please visit us at www.salesforce.com/partners.
- Provisionally Approved: Low or medium risk issues were identified, which can be addressed fairly easily and do not pose a significant risk to Salesforce or its customers. You will be allowed to create a public listing for your application on the AppExchange. However, failure to remedy the noted issues within the specified time period will result in the removal of the application from AppExchange. You might be provided an API token to access Professional Edition accounts.
- Not Approved: High-risk issues were identified during the testing phase. You will not be allowed to list your application on the AppExchange until all issues have been addressed and reviewed by the AppExchange security team. If the application is already listed on the AppExchange, you will be provided 60 days to address issues. You will not receive an API token to access Professional Edition accounts.
Once you have passed the security review you may login to the AppExchange and make your listing live. This is done from the publishing tab from the screenshot above. On this tab are Your Public Listings and Your Private Listings. On the private listings tab, the app will have a link saying “Make Public”. At this point, the app is available on the AppExchange for any and all to see. Also, Salesforce includes this recent addition in the weekly AppExchange Digest emails that are distributed, providing some free press for your app in the community.
Chief Technical Officer
Extensive experience in System Architecture, Project Management, and Delivery