What are the security requirements and best practices for API endpoints and integrations involving guest users?
Answer
For API endpoints and integrations involving guest users, follow these security requirements:
**API Endpoint Security:**
- Public, unauthenticated API endpoints in managed packages are not acceptable for AppExchange apps
- All endpoints must include proper authentication and authorization mechanisms
- API keys must be stored securely in protected custom settings to comply with security standards
**Guest User API Integration Requirements:**
- Ensure guest users have limited permissions and access
- Execute updates or operations in Apex methods controlled by appropriate permission sets
- Avoid relying on direct edit or sharing access for guest users; the Secure Guest User Record Access settings restrict what can be shared with them
- Properly sanitize and validate sensitive data or operations to prevent vulnerabilities like SOQL injection or unauthorized access
- Document all scenarios involving guest user access and ensure compliance with security review guidelines
**External System Integration Best Practices:**
1. **Limit Permissions**: Avoid granting Guest Users excessive permissions like Create/Update access or granular sharing rules
2. **System Mode Execution**: When an operation has to run in the Guest User context, perform it in a dedicated Apex method that runs in system mode rather than widening the Guest User's permissions
3. **Data Protection**: Use encryption mechanisms (e.g., AES symmetric encryption) for sensitive data and store encryption keys securely in Protected Custom Metadata
4. **OAuth for Integrations**: Use OAuth as the preferred integration mechanism, requesting only the least privilege permissions necessary for the use case
5. **Validate Parameters**: Validate redirection parameters to prevent open redirection vulnerabilities
6. **Restrict Record Access**: Ensure Guest Users can only update their own records by validating user-specific access and avoiding exposure of sensitive data
For more details, refer to the Guest User Record Access Development Best Practices and ensure compliance with AppExchange Security Review policies.
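The guest-user requirements above (limited permissions, Apex methods gated by permission checks, no direct edit/sharing access, SOQL-injection-safe queries, and guest users touching only their own records) are illustrated by the following Apex class. This is an added example, not code from the page or from Salesforce; the custom field `Guest_Access_Token__c` on Case, the class name and the use of an opaque per-record token to identify "the guest's own record" are assumptions made for the illustration.

```apex
// Added example: a guest-facing Apex entry point that lets an unauthenticated
// Experience Cloud (guest) user add a comment to the one Case that belongs to
// them, without giving the guest profile Edit access or owner-based sharing.
//
// Assumptions (not from the original page):
//   - Case has a custom text field Guest_Access_Token__c holding an opaque,
//     unguessable token that was issued to the requester out of band.
//   - The guest profile has Read on Case (via a guest user sharing rule)
//     and Create on CaseComment; nothing more.
public with sharing class GuestCaseCommentService {

    public class GuestAccessException extends Exception {}

    @AuraEnabled
    public static Id addComment(String accessToken, String body) {
        // 1. Reject empty or oversized input before touching the database.
        if (String.isBlank(accessToken) || String.isBlank(body)) {
            throw new AuraHandledException('Missing input.');
        }
        if (body.length() > 4000) {
            throw new AuraHandledException('Comment too long.');
        }

        // 2. Locate the caller's own record with a bind variable.
        //    The token is never concatenated into the query text, so it
        //    cannot alter the query (ApexSOQLInjection). WITH USER_MODE
        //    additionally enforces the guest's object/field read access.
        //
        //    The injectable pattern this replaces would look like:
        //    Database.query('SELECT Id FROM Case WHERE Guest_Access_Token__c = \''
        //                   + accessToken + '\'');   // do not do this
        List<Case> owned = [
            SELECT Id
            FROM Case
            WHERE Guest_Access_Token__c = :accessToken
            WITH USER_MODE
            LIMIT 1
        ];
        if (owned.isEmpty()) {
            // Same response whether the token is unknown or not visible:
            // do not reveal which one it was.
            throw new AuraHandledException('Record not found.');
        }

        // 3. Explicit CRUD check on the object the guest is about to create.
        if (!Schema.sObjectType.CaseComment.isCreateable()) {
            throw new AuraHandledException('Not permitted.');
        }

        // 4. Build the record server-side: the guest supplies only the body.
        //    ParentId is taken from the query result, never from the caller,
        //    so the guest cannot attach a comment to someone else's Case.
        CaseComment comment = new CaseComment(
            ParentId    = owned[0].Id,
            CommentBody = body,
            IsPublished = true
        );

        // 5. Strip any field the running user may not create, then insert
        //    in user mode so object-level permissions are enforced by the
        //    platform as well (ApexCRUDViolation / ApexSharingViolations).
        SObjectAccessDecision decision = Security.stripInaccessible(
            AccessType.CREATABLE, new List<CaseComment>{ comment }
        );
        List<SObject> safeRecords = decision.getRecords();
        insert as user safeRecords;
        return safeRecords[0].Id;
    }
}
```

The class is declared `with sharing`, the query runs `WITH USER_MODE`, and the DML is `insert as user`, so every layer (sharing, object and field permissions) is enforced for the guest rather than bypassed; the only privilege the design relies on is the token that ties the request to a single record. If an operation genuinely needs access the guest profile lacks, that step belongs in a separate, narrowly scoped `without sharing` method with its own input validation, not in this entry point.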
Recommended Answer Update
For API endpoints and integrations involving guest users, follow these security requirements:
**API Endpoint Security:**
- Public, unauthenticated API endpoints in managed packages aren't acceptable for AppExchange apps
- All endpoints must include proper authentication and authorization mechanisms
- API keys must be stored securely in protected custom settings or Named Credentials to comply with security standards
**Guest User API Integration Requirements:**
- Ensure guest users have limited permissions and access
- Execute updates or operations in Apex methods controlled by appropriate permission sets
- Avoid relying on direct edit or sharing access for guest users; the Secure Guest User Record Access settings restrict what can be shared with them
- Properly sanitize and validate sensitive data or operations to prevent vulnerabilities like SOQL injection or unauthorized access
- Document all scenarios involving guest user access and ensure compliance with security review guidelines
**External System Integration Best Practices:**
1. **Limit Permissions**: Avoid granting Guest Users excessive permissions like Create/Update access or granular sharing rules
2. **System Mode Execution**: When an operation has to run in the Guest User context, perform it in a dedicated Apex method that runs in system mode rather than widening the Guest User's permissions
3. **Data Protection**: Use encryption mechanisms (e.g., AES symmetric encryption) for sensitive data and store encryption keys securely in Protected Custom Metadata
4. **Named Credentials for Integrations**: Use Named Credentials as the preferred integration mechanism for external callouts, requesting only the least privilege permissions necessary for the use case
5. **Validate Parameters**: Validate redirection parameters to prevent open redirection vulnerabilities
6. **Restrict Record Access**: Ensure Guest Users can only update their own records by validating user-specific access and avoiding exposure of sensitive data
For more details, refer to the Guest User Record Access Development Best Practices and ensure compliance with AppExchange Security Review policies.
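The external-integration practices in the updated answer (Named Credentials for callouts, AES encryption with the key held in Protected Custom Metadata, and validation of redirect parameters) are shown together in the following Apex class. This is an added example, not code from the page or from Salesforce; the Named Credential name `Vendor_API`, the custom metadata type `Integration_Secret__mdt` with its field `Key_Value__c`, and the Experience Cloud site path `/s/` are all assumed names for the illustration.

```apex
// Added example: helper for guest-facing integrations that keeps secrets out
// of code, encrypts sensitive values at rest, and refuses open redirects.
//
// Assumptions (not from the original page):
//   - A Named Credential named Vendor_API holds the external endpoint and
//     its authentication (OAuth or password), so no token lives in Apex.
//   - A Protected Custom Metadata type Integration_Secret__mdt with a text
//     field Key_Value__c stores a base64-encoded 256-bit AES key under the
//     record DeveloperName 'Guest_Data_Key'. Being protected, the value is
//     readable only by the package namespace, not by subscriber-org admins.
//   - The Experience Cloud site serves pages under /s/.
public with sharing class GuestIntegrationHelper {

    // --- 4. Named Credentials for Integrations ----------------------------
    // The 'callout:' scheme makes the platform inject the endpoint and the
    // credential; the code never sees or stores an API key.
    public static HttpResponse postToVendor(String jsonPayload) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Vendor_API/v1/submissions');
        req.setMethod('POST');
        req.setHeader('Content-Type', 'application/json');
        req.setBody(jsonPayload);
        req.setTimeout(10000);  // fail fast instead of holding a guest request open
        return new Http().send(req);
    }

    // --- 3. Data Protection -----------------------------------------------
    // AES-256 with a platform-managed IV (prepended to the ciphertext by
    // Crypto), key material loaded from Protected Custom Metadata at runtime.
    private static Blob loadKey() {
        Integration_Secret__mdt secret = Integration_Secret__mdt.getInstance('Guest_Data_Key');
        if (secret == null || String.isBlank(secret.Key_Value__c)) {
            throw new IntegrationException('Encryption key is not configured.');
        }
        Blob key = EncodingUtil.base64Decode(secret.Key_Value__c);
        if (key.size() != 32) {  // AES256 requires a 32-byte key
            throw new IntegrationException('Encryption key has wrong length.');
        }
        return key;
    }

    public static String encryptSensitive(String plaintext) {
        Blob cipher = Crypto.encryptWithManagedIV('AES256', loadKey(), Blob.valueOf(plaintext));
        return EncodingUtil.base64Encode(cipher);
    }

    public static String decryptSensitive(String base64Cipher) {
        Blob clear = Crypto.decryptWithManagedIV('AES256', loadKey(),
                                                 EncodingUtil.base64Decode(base64Cipher));
        return clear.toString();
    }

    // --- 5. Validate Parameters (open redirect) ---------------------------
    // Accept only a site-relative path; anything that could resolve to
    // another host (absolute URLs, protocol-relative '//', or '/\' tricks)
    // falls back to the site home instead of being followed.
    public static PageReference safeRedirect(String requestedTarget) {
        final String fallback = '/s/';
        String target = requestedTarget == null ? '' : requestedTarget.trim();
        Boolean isRelativePath = target.startsWith('/')
            && !target.startsWith('//')
            && !target.startsWith('/\\')
            && !target.contains('://');
        PageReference ref = new PageReference(isRelativePath ? target : fallback);
        ref.setRedirect(true);
        return ref;
    }

    public class IntegrationException extends Exception {}
}
```

Because the key never appears in code or in an unprotected setting, and the callout never handles the credential, a subscriber-org user with access to the package's Apex or debug logs still learns nothing usable. The redirect check is deliberately an allow-list on shape (site-relative path only) rather than a block-list of known bad prefixes, which is the property the `ApexOpenRedirect` rule is looking for.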
Reasoning
The main issues identified were:
1) Minor wording improvements for clarity and consistency with the brand guidelines (changed 'are not acceptable' to 'aren't acceptable' for conversational tone).
2) Updated OAuth recommendation to Named Credentials recommendation to better align with the ApexSuggestUsingNamedCred rule, which specifically suggests Named Credentials for secure external integrations rather than OAuth flows.
For security rules selected:
- ApexInsecureEndpoint: Directly relates to the FAQ's emphasis on 'All endpoints must include proper authentication and authorization mechanisms' and the prohibition of 'Public, unauthenticated API endpoints'
- ApexSOQLInjection: Explicitly mentioned in the FAQ text 'prevent vulnerabilities like SOQL injection or unauthorized access'
- ApexSharingViolations: Relates to the sharing and permission concepts discussed throughout, especially 'Avoid granting Guest Users excessive permissions like Create/Update access or granular sharing rules'
- ApexOpenRedirect: Explicitly mentioned in 'Validate redirection parameters to prevent open redirection vulnerabilities'
- ApexSuggestUsingNamedCred: Relates to the external integration recommendations, specifically the guidance about secure credential storage and external system integration
- ApexBadCrypto: Relates to the data protection section mentioning 'Use encryption mechanisms (e.g., AES symmetric encryption)'
- ApexCRUDViolation: Relates to the permission limitations and record access restrictions discussed for guest users