A Quick Guide to Flawless Distribution of your App on AppExchange

salesforce data migration services

A Quick Guide to Flawless Distribution of your App on AppExchange

Posted by Seethu Maria Mathew

minutes read

AppExchange is every partner’s first choice to launch their product/solutions. But how armed are you when it comes to distributing your app? Many newbies struggle during the distribution phase due to limited exposure in the Salesforce ecosystem and the right knowledge.

What’s Distribution?

Distribution phase includes releasing an app to your target audience for promoting app engagement and utilization. Having a killer distribution strategy decides the future of your app on AppExchange. Here are some terminologies you should be familiar with before you get started:

App Packaging

To put in simple words, a package is like a box/container to incorporate either an individual component or numerous apps. Packaging helps you to group all Salesforce components such as apps, workflows, lightning components etc for distribution and deployment. You can distribute it to Salesforce users in your company and other organizations after creating the package. Third party apps can be distributed using managed or unmanaged packages. You should know what package you are going to choose before installing an app into a Salesforce org. 

Managed Package: 

Managed packages can be created in Salesforce UI and are mainly used by Salesforce partners to sell their products to Salesforce customers. The best part of managed packages is that it’s code is well hidden and no one can modify them accidentally or deliberately in production /sandbox. Also they are upgradable, have namespace, can be licensed and be automatically updated. 

Unmanaged Package:

You can use unmanaged packages to distribute open-source projects or application templates to developers for building an app. It is not upgradable and can be customized after installation. It’s more prone to data loss. 

AppExchange Listing

You can create a new listing from the Publishing tab in the AppExchange Console. 

A partner can choose to sell to a particular set of customers using Private Listing or make it available for all customers using the Public Listing option. 

Effective listing methods sets the trajectory of your app by bringing in maximum visibility to your customers. You can check out our infographic to get insights regarding the correct listing methods. 

Security Review

This is one of the most crucial stages that decides the future of your product. Every app must compulsorily go through the security review process to check whether it adheres to  Salesforce standards and best practices in different scenarios.  Here is how you can prepare for the security review:

  • Focus on security design right from the start.
  • Protect your apps from web attacks as listed on Open Web Application Security Project (OWASP).
  • Implement CRUD/FLS – Create/Read/Update/Delete and Field Level Security.
  • Make sure your app complies with all Salesforce security rules and best practices.
  • Leverage security scanners to conduct your own review.
  • Conduct rigorous security testing from a customer perspective.
  • Be prepared with all necessary documentations and credentials such as environments, packages, usage instructions etc  before review.

Here are some essential scanners that will come in handy during the process:

  • SFDX Scanner
  • Chimera
  • Source Code Scanner
  • Checkmarx

After you’re fully prepared the next step is to submit the app for review. You can submit the app through the Partner Community Publishing Console. Use the Security Review Wizard and upload the required documentation and other credentials. The security review process takes about 4-8 weeks to complete. You will get a report on the status of the review after the review is completed.

Source of Image- Salesforce

Go Live

After your app has passed through security review, login to the AppExchange to make your listing live. Click ‘Make public’ on the Publishing console. This is when your app becomes officially available in the search results. 


Pre-deployment analysis needs to be done during the security review phase itself. You need to identify your beta customers, decide on who will conduct the deployment of your app – whether its system integrators or an external professional team or if you can go ahead with your internal team. Finding the right skill set is the biggest challenge here, no matter who does it. Customer feedback is the key area of an app deployment phase. The more feedback you get from your customers, the more improved your app will be for the next release. You need to find a team who is well versed with handling the product feedback loop. 

Who will benefit from the Deployment plan?

  • Sales Team
  • End Customers 

Be mindful of your cost of deployment. ISVs get into trouble when their deployments are not consistent. Your cost of deployment should gradually decrease over each deployment stage. For instance, you may have started off your deployment project with $5000, but further deployments shouldn’t affect your budget and should be consistent enough to attract your target buyers. 

Need a helping hand with distribution of your app? Don’t hesitate to hire an experienced partner for your AppExchange development services.

Notify of
Inline Feedbacks
View all comments