FAQ-000438 - Connected App Security / Third-Party Integration

Here are the comprehensive security best practices for implementing Connected Apps with third-party integrations: **Connected App Configuration:** 1. **Use OAuth**: OAuth is the preferred mechanism for third-party integrations 2. **Least Privilege Permissions**: The app should request only the minimum permissions necessary for its use case 3. **Secure Storage**: Ensure credentials are securely stored and handled using protected custom settings or metadata 4. **Credential Rotation**: Rotate credentials periodically (e.g., every six months) 5. **Enforce HTTPS**: All connections must use HTTPS for secure communication **Named Credentials Best Practices:** 1. **Secure Authentication Management**: Use Named Credentials to securely store and manage authentication details like client ID and client secret without hardcoding 2. **Enable Required Options**: Enable options like "Allow Merge Fields in HTTP Body" or "Allow Formulas in HTTP Body" as needed 3. **Legacy vs Modern**: - Legacy named credentials: Use merge fields to construct HTTP request bodies - Modern named credentials: Use formula functions to dynamically manage authentication parameters 4. **Fallback Storage**: If named credentials are not feasible, store secrets in protected custom settings or metadata **CSP Trusted Sites Security:** 1. **Selective Addition**: Add only necessary and verified third-party domains to CSP trusted sites 2. **Security Validation**: Ensure added domains are secure and free from vulnerabilities like open redirection 3. **Regular Review**: Periodically review and validate trusted sites **API and Integration Security:** 1. **Security Assessments**: Conduct security scans (e.g., ZAP or Burp) for third-party API endpoints to identify vulnerabilities 2. **Third-Party Consent**: Obtain consent from the third party for security assessments if you do not own the API 3. **Vulnerability Management**: Address all flagged vulnerabilities before deployment **Code Security Practices:** 1. **CRUD/FLS Enforcement**: Implement CRUD/FLS checks for all DML operations to prevent unauthorized access 2. **User Mode Operations**: Use "USER_MODE" or "AccessLevel.USER_MODE" for operations to enforce user-level permissions 3. **Encryption Standards**: Use AES-128 or higher encryption standards for storing sensitive data 4. **Vendor Libraries**: Rely on vendor-provided encryption libraries instead of custom implementations 5. **Avoid Logging Secrets**: Remove any `System.debug` calls that might expose sensitive information 6. **Secure Browser Storage**: Use password managers or secure storage solutions provided by the browser or operating system instead of storing secrets directly **Data Protection:** 1. **Avoid Public Storage**: Do not store sensitive data in public custom objects 2. **Prevent Data Transmission**: The app must not transmit sensitive data outside the Salesforce platform unless absolutely necessary 3. **Secure Callback URLs**: All callback URLs must use HTTPS to ensure secure communication **Documentation and Compliance:** 1. **Security Review Package**: Prepare detailed security review documentation, including scan reports and false positive documentation 2. **Compliance Verification**: Ensure compliance with Salesforce security guidelines and industry standards 3. **Customer Requirements**: Meet customer-specific requirements for handling sensitive data 4. **Clear Documentation**: Provide clear documentation for the integration process **Architecture Validation:** Using a Connected App to manage customer authentication to an external service is a secure and acceptable architecture when following these best practices and ensuring compliance with security review requirements.