FAQ-000888 - External Platform Security / Third-Party API Integration Security


Current FAQ

Question
How should I address a security finding that a third-party API my app integrates with supports outdated TLS versions?
Answer
To address a security finding where a third-party API supports outdated TLS versions (e.g., TLS 1.0 or 1.1), you should:

1. **Contact the API Provider**: Request the provider to discontinue support for outdated TLS versions and upgrade to a secure version like TLS 1.2 or higher.
2. **Remove References if Necessary**: If the provider cannot update their TLS support, consider removing references to the third-party API from your managed package to maintain compliance with security standards.

AI Recommended Enhancement

Related Security Rules
ApexInsecureEndpoint, ApexSuggestUsingNamedCred
Question
How should I address a security finding that a third-party API my app integrates with supports outdated TLS versions?
Recommended Answer Update
To address a security finding where a third-party API supports outdated TLS versions (e.g., TLS 1.0 or 1.1), you should:

1. **Contact the API Provider**: Request the provider to discontinue support for outdated TLS versions and upgrade to a secure version like TLS 1.2 or higher.
2. **Remove References if Necessary**: If the provider cannot update their TLS support, consider removing references to the third-party API from your managed package to maintain compliance with security standards.
Reasoning
The FAQ content is already well-structured and accurate. No significant changes are needed, as the advice correctly addresses TLS security concerns for third-party API integrations. The two-step approach (contact the provider first, then remove if necessary) is appropriate for AppExchange security review compliance.

I selected ApexInsecureEndpoint because this rule specifically detects insecure HTTP endpoints in Apex code, which directly relates to the FAQ's discussion of third-party API integration security. When developers integrate with third-party APIs that support outdated TLS versions, this creates the exact type of insecure endpoint vulnerability that ApexInsecureEndpoint is designed to catch.

I selected ApexSuggestUsingNamedCred because this rule promotes using Named Credentials for secure API integrations, which directly relates to the FAQ's guidance on "third-party API my app integrates with." When addressing TLS security issues with third-party APIs, using Named Credentials is a Salesforce best practice that this rule encourages, making it highly relevant to the FAQ's context of securing external API integrations.
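As an added illustration of the two rules named above (example code, not part of this FAQ or of Salesforce's rule documentation), the callout pattern ApexInsecureEndpoint flags is shown beside the Named Credential pattern ApexSuggestUsingNamedCred recommends. The class name, the `Partner_API` Named Credential, the hostname and the resource path are all hypothetical.

```apex
// Added example, not from the FAQ. Hardcoded plaintext endpoint (flagged by
// ApexInsecureEndpoint) beside a Named Credential callout (what
// ApexSuggestUsingNamedCred recommends). All names are hypothetical.
public with sharing class PartnerApiClient {

    public class PartnerApiException extends Exception {}

    // BEFORE: the endpoint is a hardcoded http:// URL, so the request is sent
    // in plaintext and the URL (and any auth header added here) ships inside
    // the managed package's code. ApexInsecureEndpoint reports this.
    public static HttpResponse fetchInsecure(String resourcePath) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('http://api.example-partner.test/v1/' + resourcePath);
        req.setMethod('GET');
        return new Http().send(req);
    }

    // AFTER: the callout goes through the Named Credential 'Partner_API'.
    // The org admin defines it with the HTTPS base URL and the credential;
    // Apex never handles the secret, and the 'callout:' scheme is what
    // ApexSuggestUsingNamedCred looks for.
    public static HttpResponse fetchViaNamedCredential(String resourcePath) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Partner_API/v1/' + resourcePath);
        req.setMethod('GET');
        req.setTimeout(10000);
        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            throw new PartnerApiException(
                'Partner_API returned HTTP ' + res.getStatusCode());
        }
        return res;
    }
}
```

Moving to a Named Credential resolves the endpoint-handling findings in the package itself; which TLS versions the provider's server still negotiates is controlled on the provider's side, which is why steps 1 and 2 of the answer still apply.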