We have an AppExchange package which uses IFrames and connects to salesforce from our web server via the partner wsdl.

Most customers use the combination of username/password/security token to authenticate. However, one client uses IP restrictions on the User Profile, and doesn't enter their security token.

I have tested this both on profile restrictions and on organization-wide restrictions, and this seems to work for me with my test profiles. However, the client's attempts are always greeted with:

INVALID_LOGIN: Invalid username, password, security token; or user locked out.

The client tells me that the IP address is entered correctly, the API is enabled, they are entering their credentials correctly and that their account is not locked out.

Are there any other factors in play that I haven't thought of? They are a big client, and I really need this to work for them.

Since Salesforce changed the Country and State fields to picklists we've run into problems.

While we can enter US states fine, we can't enter UK Counties (the equivalent of states) because the UK isn't in the list of countries that have States defined.

Is there any way we can add State values to these countries, or is that up to the org's administrator only? At the moment we're inserting it into the City field, but obviously that's not ideal.

How do I get hold of the API token to allow our app to work in PE/GE? Apparently it's available after Security Review, but I can't find it. We're supposed to be going live now, so I really need it urgently!

I've written a lightweight connector to allow access to our database of contacts and accounts. The connector uses the Partner WSDL to import the standard objects into the user's Sales Cloud.

From what I can see you have to pass the user's Username and Password (with the Security token) to the API to login, which means we either have to store the Password or ask the user for it every time. Is that right? Do other apps store the user's password in a format which has to be decryptable?

I have a simple package which will shortly be going for security review for the appexchange.

All of the interactivity is with the standard fields on Lead/Contact/Account objects, but I need to make sure those fields are accessible for the user.

I tried adding a Permission Set with the required permissions in it, but that doesn't seem to bring the permissions over when installed.

What's the best way to do this?

I have a simple package which will shortly be going for security review for the appexchange.

All of the interactivity is with the standard fields on Lead/Contact/Account objects, but I need to make sure those fields are accessible for the user.

I tried adding a Permission Set with the required permissions in it, but that doesn't seem to bring the permissions over when installed.

What's the best way to do this?

I have an existing stand-alone web application. I want to create an App to hook into the Salesforce.com CRM system. This will entail some IFrames, a new tab and an API link-up from the web app to the customer's CRM installation.

Because the system already exists, and all we're doing is just hooking up a few simple API calls, we were hoping to build this in just a few weeks.

We have just discovered that the turnaround for the Security Review is 5 - 7 weeks, blowing the project timescale from a few weeks to several months.

Assuming there is no way to speed this up, can we create a beta testing group of existing Salesforce.com clients for before or during the Security Review phase? Are they able to install the App another way?

Is there anything else we can do to speed up the process?

I have a simple package which will shortly be going for security review for the appexchange.

All of the interactivity is with the standard fields on Lead/Contact/Account objects, but I need to make sure those fields are accessible for the user.

I tried adding a Permission Set with the required permissions in it, but that doesn't seem to bring the permissions over when installed.

What's the best way to do this?

I have a simple package which will shortly be going for security review for the appexchange.

All of the interactivity is with the standard fields on Lead/Contact/Account objects, but I need to make sure those fields are accessible for the user.

I tried adding a Permission Set with the required permissions in it, but that doesn't seem to bring the permissions over when installed.

What's the best way to do this?

I have an existing stand-alone web application. I want to create an App to hook into the Salesforce.com CRM system. This will entail some IFrames, a new tab and an API link-up from the web app to the customer's CRM installation.

Because the system already exists, and all we're doing is just hooking up a few simple API calls, we were hoping to build this in just a few weeks.

We have just discovered that the turnaround for the Security Review is 5 - 7 weeks, blowing the project timescale from a few weeks to several months.

Assuming there is no way to speed this up, can we create a beta testing group of existing Salesforce.com clients for before or during the Security Review phase? Are they able to install the App another way?

Is there anything else we can do to speed up the process?