+ Start a Discussion
Anil IngleAnil Ingle 

Don't want to pass production API url for security review

Hello All

I am preparing for security review. I have created one Free App and want to send it for review. My app has third party access to API and Our Portal.

API URL :: devapi.xyz.com
Third Party Portal :: www.dev-abc.com


These are my development sites and open to access from anywhere without any VPN. Now when I will release my free app these url will change to following.

Production URL
API URL :: api.xyz.com
Third Party :: www.abc.com


Now my question is that, do I need to send package for review with development url or production url?
Last time I sent with Production url and Salesforce created test data and that affected our Production customer which created lots of problem.

I want to avoid this situcation this time while security review.

Help/Sugggestions required on this situation.

Thank you
Hargobind_SinghHargobind_Singh
Hi, Salesforce wants to make sure that appropriate measures have been taken to safeguard the security of data and over-all the whole system, and hence the review requires actual API addresses. Maybe you can add some detection to your production instance, and delete the test data later ? 
Anil IngleAnil Ingle
Hi Hargobind

Thanks for replying. Is there any other way to avoid this? Otherwise I will have to create a testing user on production and need to provide same credentials to Salesforce and after review, need to delete that data. I will have to assess, what efforts required to do this.

Thank yoiu