4. CONCEPT
W H A T I T I S
W H O I T I S F O R
W H Y T H E Y W A N T I T
H O W I T W I L L B E U S E D
5. WHAT IT IS
REST API’s that
perform a variety of
utility functions
Calculations
Data transformation
Text manipulation
Currency conversion
Date/Time operations
File management
Subscription-based SaaS delivery
model
No-code implementation
6. WHO IT IS FOR
Power users
Citizen
developers
Low-code
application
designers
Process
automation
creators
Workflow
architects
Business
application
owners
Departmental IT
managers
Application
integrators
Accidental
administrators
7. WHY THEY
WANT IT
Drag and drop application extensibility
• Translation, image transformation, speech to text, URL shortening,
time zone conversion
Role, department or application-specific functionality
• Stock quotes, currency conversion, scientific calculations
Fill functional gaps
• Modify collections, generate QR codes, encode/decode strings,
manipulate text
Increase productivity
• Format dates/times, generate secure hashes, convert weights &
measures, redact text, verify emails
8. HOW IT WILL BE
USED
Custom actions for Visual Flow and Process
Builder
Pre-defined options and picklists
Drag-and-drop components
Secure credentials
Lightning ready (but no UI elements)
9. OPPORTUNITY
W H A T W E K N E W
W H A T W E T H O U G H T
W H A T W E L E A R N E D
10. WHAT WE KNEW
Salesforce
• Rich ecosystem with large
concentration of target user
roles
• Departmental app
development and process
automation environment
• Extensible plugin framework
• Mature partner program
AppExchange
• 3.5M app installs
• 3k+ apps
• $1.5B market
• 15% revenue sharing
PowerTools
• Established offering
(Microsoft, IBM, Nintex)
• Open API (Swagger)
specification
• Multi-cloud infrastructure
• Simple onboarding
• Easy integration
11. WHAT WE THOUGHT
Development
• Custom external
connector
• Automatic UI
element
rendering
• API key
integration
• Branding
elements
Delivery
• Package
submission
• Review and
testing
• Minimal asset
package
Implementation
• User “plug and
play”
• Connector setup
• Configurable
authorization
Marketing
• Searchable store
listing
• In-app
discoverability
• Visual branding
12. WHAT WE
LEARNED
•Specification size limit (100k chars)
•Operation restrictions
•Named credentials & endpoint access
•Lack of custom objects
•Complex setup
Development
•Complex packaging
•Managed vs unmanaged
•Lengthy and EXPENSIVE security review
Delivery
•Admin install
•Named credentials (user/pass, Oauth)
•Limited object integration in UI
Implementation
•Content-rich storefront
•Searchable listings
•Limited discoverability
•No visual branding
Marketing
13. DEVELOPMENT
A R C H I T E C T U R E
C O N V E R S I O N
C O D E
C U S T O M O B J E C T S
P A C K A G I N G
15. 1
Start with a fully-documented
REST API in Open API 2.0
format
80+ endpoints
5,000+ lines
147,000+ chars
REST API
2
Run Swagger Codegen for
Apex to generate classes,
tests, documentation and
configuration
SWAGGER CODEGEN
3
Compile and test generated
Apex classes, custom objects,
project files
APEX CLASSES
4
Create a new project, copy
generated code, create
package
PACKAGE
CONVERSION
17. Extensive use of
enums in API
specification
Options
Picklists for
screens and
actions
User Interface
Deployable with
managed package
Packaging
A B
C
CUSTOM OBJECTS
METADATA
API
19. EXECUTION
P A R T N E R O N B O A R D I N G
S E C U R I T Y R E V I E W
R E L E A S E M A N A G E M E N T
M A R K E T I N G
20. PARTNER
ONBOARDING
• Business
• Extensive business information
• Be prepared to provide documentation
• Gated interviews
• Plan
• Have offering clearly defined
• Know your pricing and customer profiles
• Answer how you plan to add value to
ecosystem
• Review
• Submit for acceptance
• Due diligence and compliance
• AppExchange contract
21. Run OWASP ZAP scanner on a machine with
sufficient resources. Conduct penetration testing.
TEST
Run scanner again. Repeat 1-3 until no
critical results remain. Document.
RETEST
Submit for review, provide credentials, upload reports,
PAY FEE. Wait. Wait. Wait.
SUBMIT
Analyze test results, correct issues, patch
vulnerabilities
HARDEN
1
2 3
4
SECURITY REVIEW
22. SECURITY
REVIEW
Automatic approval < 1 yr
Greatly reduced ongoing
fee
ORDER
MANAGEMENT
Connection
Partner Orders
License Management
LISTING
Media
Documentation
Promotions
RELEASE MANAGEMENT
23. MARKETING
• AppExchange is a listing not a
marketing engine
• You are responsible for getting
customers
• Tips
• Drive organic & paid search to your
listing
• Offer free trials (or freemium versions)
• Trialforce (for more complex offerings)