FAQ-000865 - External Platform Security / Off-Platform and External Service Integration


Current FAQ

Question
What is the security review process for an off-platform application that connects to Salesforce via OAuth?
Answer
The security review process for an off-platform application connecting to Salesforce via OAuth includes the following steps:

1. **Principle of Least Privilege**: The application must request only the permissions necessary for its use case. OAuth is the preferred integration mechanism, and storing Salesforce usernames or passwords is not allowed.
2. **API Call Restrictions**: The app should not use the logged-in user's session to make arbitrary API calls.
3. **Secure Connections**: All connections must use HTTPS and meet certificate and SSL configuration requirements. Remote site settings and HTTP request endpoints must be properly described. Arbitrary servers or schemes are generally not permitted unless justified by a valid business case.
4. **Sensitive Data Protection**: Sensitive information, such as cryptographic secrets, API credentials, or passwords, must not be written to debug logs.
5. **Secure Coding Practices**: The application should follow secure coding practices and use automated security scanners to identify vulnerabilities.
6. **Thorough Testing**: Before submission, the app must undergo thorough testing, including manual and automated scans, to ensure compliance with Salesforce security guidelines.

These steps ensure the application meets Salesforce's security standards for OAuth-based integrations.

AI Recommended Enhancement

Related Security Rules
ApexInsecureEndpoint
ApexSuggestUsingNamedCred
AvoidHardcodedCredentialsInFieldDecls
AvoidHardcodedCredentialsInVarDecls
AvoidHardcodedCredentialsInVarAssign
AvoidHardcodedCredentialsInHttpHeader
AvoidInsecureHttpRemoteSiteSetting
AvoidDisableProtocolSecurityRemoteSiteSetting
UseHttpsCallbackUrlConnectedApp
LimitConnectedAppScope
ProtectSensitiveData
Question
What is the security review process for an off-platform application that connects to Salesforce via OAuth?
Recommended Answer Update
The security review process for an off-platform application connecting to Salesforce via OAuth includes the following steps:

1. **Principle of Least Privilege**: The application must request only the permissions necessary for its use case. OAuth is the preferred integration mechanism, and storing Salesforce usernames or passwords is not allowed.
2. **API Call Restrictions**: The app should not use the logged-in user's session to make arbitrary API calls.
3. **Secure Connections**: All connections must use HTTPS and meet certificate and SSL configuration requirements. Remote site settings and HTTP request endpoints must be properly configured and described. Arbitrary servers or schemes are generally not permitted unless justified by a valid business case.
4. **Sensitive Data Protection**: Sensitive information, such as cryptographic secrets, API credentials, or passwords, must not be hardcoded in the application or written to debug logs.
5. **Secure Coding Practices**: The application should follow secure coding practices and use automated security scanners to identify vulnerabilities.
6. **Thorough Testing**: Before submission, the app must undergo thorough testing, including manual and automated scans, to ensure compliance with Salesforce security guidelines.

These steps ensure the application meets Salesforce's security standards for OAuth-based integrations.
Reasoning
The main improvements focused on refining existing language for clarity while preserving all original points. Changed 'must not be written to debug logs' to 'must not be hardcoded in the application or written to debug logs' to better reflect comprehensive credential protection practices. Also changed 'must be properly described' to 'must be properly configured and described' for better clarity about remote site settings requirements. These changes improve precision without adding new content or changing the structure.

Selected security rules relate directly to the FAQ's OAuth integration security guidance:

- ApexInsecureEndpoint: Relates to the FAQ's requirement for HTTPS connections and secure endpoints
- ApexSuggestUsingNamedCred: Connects to the sensitive data protection guidance about proper credential management
- AvoidHardcodedCredentials rules (FieldDecls, VarDecls, VarAssign, HttpHeader): All relate to the FAQ's point about protecting 'cryptographic secrets, API credentials, or passwords'
- AvoidInsecureHttpRemoteSiteSetting & AvoidDisableProtocolSecurityRemoteSiteSetting: Directly relate to the FAQ's guidance about HTTPS connections and remote site settings configuration
- UseHttpsCallbackUrlConnectedApp: Connects to the OAuth-specific HTTPS requirements mentioned
- LimitConnectedAppScope: Relates to the principle of least privilege for OAuth permissions
- ProtectSensitiveData: Broadly relates to the sensitive data protection requirements discussed
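As an added example (not part of this FAQ or of Salesforce's own review tooling), the following pre-submission check applies the Secure Connections and Least Privilege points above, and the remote-site and connected-app rules named in the reasoning, to package metadata. It assumes the standard Salesforce metadata XML shape for RemoteSiteSetting (url, disableProtocolSecurity) and ConnectedApp (oauthConfig/callbackUrl, oauthConfig/scopes); the sample XML and the JUSTIFIED_SCOPES allow-list are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Salesforce metadata namespace used by RemoteSiteSetting and ConnectedApp files.
NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}
# Hypothetical allow-list: the OAuth scopes this app's business case justifies.
JUSTIFIED_SCOPES = {"Api", "RefreshToken"}

def check_remote_site(xml_text: str) -> list[str]:
    """Findings for one RemoteSiteSetting: HTTPS only, protocol security kept on."""
    root = ET.fromstring(xml_text)
    findings = []
    url = root.findtext("sf:url", default="", namespaces=NS)
    if urlparse(url).scheme != "https":
        findings.append(f"remote site endpoint is not HTTPS: {url}")
    if root.findtext("sf:disableProtocolSecurity", default="false", namespaces=NS) == "true":
        findings.append("disableProtocolSecurity is true")
    return findings

def check_connected_app(xml_text: str) -> list[str]:
    """Findings for a ConnectedApp: HTTPS callback URL and least-privilege scopes."""
    root = ET.fromstring(xml_text)
    findings = []
    callback = root.findtext("sf:oauthConfig/sf:callbackUrl", default="", namespaces=NS)
    if urlparse(callback).scheme != "https":
        findings.append(f"OAuth callback URL is not HTTPS: {callback}")
    scopes = {s.text.strip() for s in root.findall("sf:oauthConfig/sf:scopes", NS) if s.text}
    extra = scopes - JUSTIFIED_SCOPES
    if extra:
        findings.append(f"scopes beyond the justified set: {sorted(extra)}")
    return findings

# Constructed sample metadata (not from a real package) with deliberate problems.
REMOTE_SITE_XML = """<RemoteSiteSetting xmlns="http://soap.sforce.com/2006/04/metadata">
    <disableProtocolSecurity>true</disableProtocolSecurity>
    <url>http://api.example.invalid</url>
</RemoteSiteSetting>"""

CONNECTED_APP_XML = """<ConnectedApp xmlns="http://soap.sforce.com/2006/04/metadata">
    <oauthConfig>
        <callbackUrl>https://app.example.invalid/oauth/callback</callbackUrl>
        <scopes>Api</scopes>
        <scopes>RefreshToken</scopes>
        <scopes>Full</scopes>
    </oauthConfig>
</ConnectedApp>"""

if __name__ == "__main__":
    for finding in check_remote_site(REMOTE_SITE_XML) + check_connected_app(CONNECTED_APP_XML):
        print("FINDING:", finding)
```

Run against the constructed samples it reports the plain-HTTP remote site, the disabled protocol security, and the `Full` scope that exceeds the justified set; a package that passes these checks still needs the manual review and scanner runs the FAQ lists.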