Publishing An App On AppExchange

Publishing An App On AppExchange

What is AppExchange?

The AppExchange is the world’s first on-demand application-sharing service. It provides a way to browse, test drive, share and install applications developed on Salesforce’s on-demand AppExchange platform. Partners, developers, and anyone else who chooses to participate can offer their Apps on the AppExchange directory. This directory gives Salesforce users an easy way to find and install applications to expand their use of the AppExchange platform to new areas of customer relationship management (CRM) and beyond.

Register as a Partner

To do this, go to  and fill the form. You’ll receive by email a login to the Partner Portal, which allows you to do all sorts of necessary things in the Partner lifecycle, like creating special org’s, logging partner support cases, and getting access to special training materials, etc.

Install License Management App

If you’ll be publishing apps on the AppExchange, install the free License Management App (LMA) app. With the LMA, you can automatically receive notification every time your package (app) is installed or uninstalled, thus letting you track users and easily notify them of any upgrades you publish.

Publishing an App on AppExchange

To make your app or consulting service available on the AppExchange, you must create a listing:

  1. Log into your AppExchange Publishing Organization (APO) or the organization you will designate as your APO once you log in.
  2. Create a provider profile.
  3. Create a new listing.
  4. If your listing is an app instead of a service, submit the app’s package for security review.
  5. After your app is approved, click Make Public to make your listing available to the AppExchange community. Public consulting services do not need a review.

Create APO

Once you are signed up as a partner, create an AppExchange Publishing Org (APO). In the Partner Portal, you’ll see a big button at the top of the screen labeled, “Create A Test Org.” For org type, select “Partner Developer Org.” You will receive new credentials by email. Be sure to login and set your password before proceeding. Note that the system will pick a username for you. If you don’t like it, feel free to change it. The purpose of this org is to help you publish listings on AppExchange.

AppExchange Publishing Organizations operate on a hub and spoke model. The APO is the hub. It contains all of the information about your company but doesn’t contain any information about your apps. Apps should always be developed in an org other than your APO. When you are ready to publish an app, simply click on the “Your Organizations” link and add the developer edition where you package your app to your APO. Once you connect the org’s, you will be able to see information from your spoke org’s in your hub APO org.

Create a  Provider Profile

Creating an AppExchange provider profile will allow you to list and publish your AppExchange App. People browsing your listings see the profile information on the Provider tab. You can also create a provider profile for your linked organizations although this profile will not be public. To create your AppExchange profile, log into your Partner Dev Org and click on the link provided on the detail page of your latest package; then click on the Start Publishing button to create your AppExchange provider profile.

Create a new Listing

Listings are the primary marketing tool for promoting your app or consulting service on the AppExchange. The more information you add to your listing, the more likely it is that users can find it.

Once you have an AppExchange Provider Profile, you can go to the Publishing tab, where you can create a new listing. A new listing is always private until the app passes the security review. While private, your app has a link on the AppExchange (which you can send to potential users), but it is not listed publicly and does not show up in searches.

To create a listing on the AppExchange, you must log in to the publishing console of the site. If you are both the developer of an app and the person responsible for creating the listing content (aka the publisher), you can start your listing by simply logging into the AppExchange with your developer edition credentials. Alternatively, if these roles are delegated, both the developer and the listing publisher can work on the app and listing in parallel, log into the publishing console with their respective credentials, and then link the two together.

Security Review

Before Salesforce approves any listings, the app must undergo tests from their security review team. From the Offering tab, we can submit the package associated with the listing to AppExchange for approvals. An email is automatically generated and sent to the submitter asking for a Checkmarx security test and questionnaire to be completed. These include some general questions about the app if there are Apex classes and Visualforce components, etc. If the app fails the first round, don’t worry; go back and fix the problems that are noted by the Checkmarx test or from the AppExchange team.

The security review process follows these steps.

1) Prepare for the security review.
  • Read the security guidelines in this chapter.
  • Review the free resources listed on our Secure Cloud Development site.
  • Check out the Security Review Hub in the Partner Community for preparation tips.
  • Review the Requirements Checklist.
  • Review the OWASP Top Ten Checklist.
  • Run a free self-service source code analysis against code developed on the platform:
  • Run a free web application scan against your external web-application that is integrated with
  • Manually test your app to ensure it meets review requirements not found by tools
  • Fix any issues found during testing.
 2) Initiate the security review.
  1. Log in to the AppExchange using the credentials for your APO.
  2. Click your name in the upper right corner and from the drop-down menu, select Publishing Console.
  3. If your app contains a managed package, click Start Review next to the package version that you want to submit.
  4. If your app uses the Salesforce API and does not contain a managed package, complete these steps.
    –  Click the Offering tab in your private listing.
    –  Select Your application is not a package and only uses the Salesforce API.
    –  Click Start Review.
  1. For each application, you’ll complete a security checklist and questionnaire. Provide the review team with a fully configured test environment that includes access information, login credentials, and all required automated scans.
  2. Pay the annual listing fee (for a paid app) and a one-time security review fee.

If your app is due for a subsequent security review, log a case in the Partner Community.

3) Review the results

There are three possible outcomes.

  • Approved:  You will immediately be allowed to list your application on the AppExchange. You might be provided an API token to access Professional Edition accounts. For more information on the Partner Program, including eligibility requirements, please visit us at
  • Provisionally Approved:  Low or medium risk issues were identified, which can be addressed fairly easily and do not pose a significant risk to Salesforce or its customers. You will be allowed to create a public listing for your application on the AppExchange. However, failure to remedy the noted issues within the specified time period will result in the removal of the application from AppExchange. You might be provided an API token to access Professional Edition accounts.
  • Not Approved:  High-risk issues were identified during the testing phase. You will not be allowed to list your application on the AppExchange until all issues have been addressed and reviewed by the AppExchange security team. If the application is already listed on the AppExchange, you will be provided 60 days to address issues. You will not receive an API token to access Professional Edition accounts.

 Go Public

Once you have passed the security review you may login to the AppExchange and make your listing live.  This is done from the publishing tab from the screenshot above. On this tab are Your Public Listings and Your Private Listings. On the private listings tab, the app will have a link saying “Make Public”. At this point, the app is available on the AppExchange for any and all to see. Also, Salesforce includes this recent addition in the weekly AppExchange Digest emails that are distributed, providing some free press for your app in the community.

AppExchange Development Checklist

AppExchange Development Checklist

In this blog, I will be writing down some of my AppExchange development checklists while developing an application for various. AppExchange is the Salesforce center on which one can launch their salesforce Application. Appexchange is the hub of thousands of application where Salesforce users can reach out to various paid and free applications as per their need. Appexchange helps more than 2000 Independent Software Vendors (ISVs) to reach more that 120,000 customers are offering applications that either extend CRM functionality or provide a solution entirely different from Salesforce CRM. While developing an Application in Salesforce,  I have always used the following checklist. 


  1. Brainstorming an application idea: The app idea which is fresh and new on the platform and had some excellent features which will enhance the user experience or Salesforce as a CRM
  2. Background study: Make sure that you are not reinventing the wheel. Appexchange is already hosting several apps and has many applications with repetitive ideas. Applications trying to do the same thing in a better way is still appreciated but do make sure that your application is way better than the existing solutions. Believing in yourself is good but it’s always great to have a round of random feedback on the Application ideas before you plan to develop them. Paid or Free should be a decision which cannot be easily taken by small vendors since releasing a Paid application on Appexchange may need initial cost/fee of $2700. You can always come up with a free basic version initially and then once your application is hit then a more complicated and Paid version.
  3. User Scenario: Make sure that all the User scenarios are very well thought of and do not leave any loose ends. When the purpose of the application is defined clearly still, there may be a chance when some scenarios may not have thought of clearly.
  4. Salesforce Editions: Applications published on Appexchange can be easily installed on Developer Edition, Unlimited edition, Enterprise edition. An application when being developed needs to be very certain that on which of the Salesforce flavors(Editions) it can be installed. Developing an application for profession edition may require an extra step of creating Aloha app and testing them in Profession Edition before release. 


  1. Plan the Development: Several small size utility tool type application can be designed straight from the idea and may not need a development plan but the applications having some wizard of pages may require a phase wise release cycle.
  2. Configuration: Make sure which all features in the application can configurable and which can be fixed is a tricky decision. Think to wear a User hat. Making your application configurable will need Application configuration page or set of Custom settings being defined by Administrator.
  3. Develop: While developing applications in Salesforce a developer will need the same set of Do’s and Don’ts as in ideal Salesforce developing phase. Code should be refactored, and peer review should be done and need to follow the best practices in Salesforce.
  4. Dirty Code: Make sure your application is doing only those stuff which it is supposed to do. While writing triggers, extra care should be taken that the business logic is being executed only when certain is coming in place. Nowhere any piece of code should be left which does not have a collective purpose.


  1. Basic Testing: can be done in the development org itself. Salesforce will request developers to have a separate developer org designated for testing. Make sure that no matter how complicated a Salesforce Org can be configured but still your application will not get affected.
  2. Aloha App Testing: Applications can be installed and tested on profession edition once it is Aloha enabled. To get your application Aloha enabled you will have to submit a request for your Salesforce partner license.
  3. Rigorous Testing: Make sure all the testing best practices were followed while testing the application. Triggers must be tested for bulkification, and Web services must be tested for heavy usage, Visual force pages, etc. all the features and components in the package must be tested in a detailed fashion.


  1. Submit for Checkmarx: Security review is a must for all the applications to be published in AppExchange. Checkmark makes sure that best practices in coding conventions are being followed.
  2. Submit for App Review: Always submit for App Review when you are sure that your application is bug-free and you have all the explanations to defend the functionalities of your app. It is a lengthy process and might take 6-8 weeks. So do test the application end to end before submitting for review.
  3. Relax: Now you have 8 weeks to work on something else. ?
  4. Content: To publish an application on AppExchange one must have the Application Logo created in various resolution, Banners, Screenshots, User installation guide, Application User guide, brief description, etc. These all content will be read and observed by your end users who will install your application from Appexchange so make sure they are attractive have precise and clear information. 


Many times it may be required that your application will need some tweaks and maintenance. Once some of the necessary change requests are submitted by various app reviews and user experience then it’s always good to develop them and let the users know about it in advance. Communication is essential when you are connecting with end users. Make sure that a new release should always be better than the old one.