Certification requirements for App Store

In this article

    To get listed, your app must be certified and meet our key certification criteria.

    Everyone benefits when your application runs correctly with SuperOffice CRM Online. Meeting these criteria means a better quality product, fewer customer frustrations, fewer support calls and better usability of the integrated solution.

    Following the guidelines also ensures that the application follows the fundamentals that make your product distributable as a standard application in the international SuperOffice marketplace.

    Dedicated representative

    As a partner, you are required to supply at least one dedicated representative to the certification process.

    Technical requirements for app certification

    The certification test will be run in SuperOffice Operations Development (SOD) environment, and later moved into Stage before we certify it and publish it in our CRM Online environment.

    We will now go through all requirements related to: 

    1. Security
    2. Traceability
    3. Availability
    4. Database access
    5. Provisioning/de-provisioning (deployment)
    6. Performance
    7. SuperOffice scripting usage
    8. Localization and language support
    9. Graphical User Interface
    10. Documentation
    11. Release strategy
    12. Support
    13. SuperOffice Online API Documentation

    Every section is divided into the following subsections:

    1. Customer benefits: The motivation for SuperOffice AS (and CRM Online partner) to focus on the specific issue
    2. Requirement: The requirements your product has to meet in order to be certified by SuperOffice AS
    3. Best practice: Useful guidelines and resources on how to meet the requirements
    4. Remarks: Additional info regarding the specific issue 

    Note: New apps presenting new questions may result in updated rules at any time.

    1. Security

    Any code must run with SSL in your own cloud, SuperOffice AS will not host any partner application on online.superoffice.com.

    If your application identity and/or application token should be lost you must notify SuperOffice Online Operations as soon as possible by sending an email to codered@superoffice.com. This will notify key personnel who will contact the Administrative Contact and/or Technical Contact you provided us with so we decide next step of action which may be to shut down the app/issue new keys.

    Security is our top most concern, and we require the use of WatchCom to make a security audit on all new potential partners and apps. The report from WatchCom is between the partner and WatchCom, but if there are potential showstoppers WatchCom will alert the SuperOffice Partner responsible/Certification Team about this. All red flags must be fixed before the app is published as a beta.

    Always keep in mind the OWASP top ten list: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

    Customer benefit
    • Secure data 
    Requirements
    • The app must be based on the Online Partner SDK, we will not host any partner DLL assembly in the websites bin directory.
    • The app must use Federated Authentication and a partner is not allowed to store any user credential authentication information in their application. 
    • You need to specify a redirect URL.
    • We also have agents with restricted access, and you will have to specify specifically if you need access to any of these endpoints. At current time these are: User, ErpSync, Replciation, Email, and Messaging. The list may change
    • Use SuperID and a system user, do not send username and password
    • Any endpoints in use must be registered as allowed by SuperOffice
    • Provide information if this is read or read/write operations
    Best practice
    • Authenticate with SAML or JSON, and make sure to validate the tokens you receive back from SuperOffice CRM Online.

    2. Traceability

    SuperOffice AS will log who calls us and when, but we do recommend that your application also log information about who and when. We would also like to see examples of what you long and how long you keep these logs.

    Customer benefit
    • If needed we may go back in time to see when and by who an operation was performed.
    Requirement
    • Logs should be minimum kept for 3 months
    Best practice
    • Keep logs from your applications stored for a minimum of 3 months.

    3. Availability

    SuperOffice AS and their hosting center guarantee a 99.8% percent availability, your systems need to be up and running in accordance with SLA.

    Customer benefit
    • Their data is available when they need it, or they should be made aware when it will be expected available to the best of our capabilities.
    Requirement
    • The amount of load is our biggest concern. Do not enforce so much load on the system so the system becomes unavailable for other users.
    • We will be monitoring traffic and in the future implement throttling that may affect you if you do
    Best practice
    • Provide the users with information if operations take time.

    4. Database Access

    The key message regarding database access is to update the database in accordance with the SuperOffice database rules. Many systems require correct information from different parts of the database in order to function correctly. Thus, failure to comply with these rules can lead to data loss and/or data inconsistency.

    Customer benefit
    • Ensure that errors will not appear in the client due to wrongfully added data.
    Requirement
    • Use the SuperOffice API’s to read/write to the database ensures data consistency.
    • SuperOffice CRM Online may only be accessed through our web services. We do not allow the creation of database trigger or stored procedure.
    • We do not allow the creation of new database tables (use of the SODictionarySDK), so any extra information must either be stored in the existing tables or hosted in your own cloud.
    • Ensure that Sentry rules are followed. Using the web services will ensure this happens automatically, however, be aware of the different sentry possibilities (roles, user-preference and sentry plugins) and give the user feedback when sentry denies access.
    • Use the ForeignKey, ForeignDevice, ForeignApp tables to store extra information. If you need more tables, they must be hosted in your cloud. PartnerAgent
    • Use preferences.
    • Ensure role, group, and user permissions are adhered to. Take into account sentry rights.
    Best practice
    • Use the SuperOffice API's

    5. Provisioning/de-provisioning (deployment)

    The installation is the first experience your customer has with your product. Many problems with software products are traced back to incorrect installation or configuration.

    Customer benefit
    • Easy and robust deployment and installation and configuration will ensure customers are given a pleasant first impression.
    Requirement
    • You need to provide us with a list of what is provisioned for a customer when installed.
    • After uninstallation, there must be no trace of your product. This means SuperOffice CRM Online has to run normally and unaffected by your product.
    • The installation process must be straightforward and easy to perform.
    • Do not require administrative rights when running your product.
    • Make a complete uninstall feature that ensures a complete removal of your application and all settings associated with it:
    • SuperOffice related (i.e. user-defined fields, web panels, buttons, and preferences).
    Best practice
    • The app may only be provisioned by an administrator, and make sure the app will clean up all configuration data in the database upon uninstall.

    6. Performance

    Customer benefit
    • User experience does not degrade on large sites.
    Requirement
    • All operations must finish within a reasonable amount of time.
    • Scalable
    • You may be throttled by SuperOffice and the user should not experience this as a hang.
    • We will at some point introduce throttling on the system – we may introduce some boundaries/limitations pr app/partner? As it is today, we reserve the right to stop your application if it causes performance problems for all customers. You will be notified when this happens.
    Best practice
    • Provide feedback to the user if an operation takes time, like with SuperOffice CRM Online you have the cogwheels showing that there is a background task running.
    Remarks
    • Running reports or similar requested work may take a long time.
    • It is important that navigation in the client not be slowed down. 

    7. SuperOffice scripting usage

    Please understand that we do not [at this time] support trigger-based calls from your application when events happen in SuperOffice. You must implement a polling service that periodically checks for the latest events and then process accordingly.

    8. Localization and language support

    Building localization features into the basic architecture of your product is essential to effective distribution, deployment and future maintenance of your product.

    Customer benefit
    • SuperOffice CRM has users all over the world. These users are used to running SuperOffice CRM in their native language.
    Requirement
    • All parts of the system – like dialogs, messages, standard reports, import data, and document templates – must be translated for each supported language
    • The product must be multi-language compatible: the application handling common data, e.g. lists according to languages coding for each supported language. List values like NO: ”Bil”, US: “Car” must be parsed and presented correctly.
    • Build structures for language support.
    • Support the SuperOffice core languages in category 1: http://devnet.superoffice.com/Technical/Documentation/SM/Language-support/
    • Your product should follow the SuperOffice language settings.
    • We recommend using a professional agency for translation. (SuperOffice AS can offer partners access to the agency SuperOffice uses.)
    • This point is only relevant if your product supports more than one language.
    • Your product installation program can be limited to English only.

     

    9. Graphical User Interface

    The importance of providing the same look & feel is often underestimated by programmers when integrating two different applications.

    Our experience is that simple is better and less is more. However, to make it simple for the user often means (a lot) more work for the programmer.

    Customer benefit
    • Following the Style Guide will ensure that the product integrates seamlessly with SuperOffice and other partner products. The product will be experienced as a member of a product family.

    Remarks

    • GUI elements that do not have a SuperOffice CRM graphical look are permitted as long as the host application is visible outside SuperOffice CRM Online.
    Requirement
    • The GUI of your product must adopt the graphical look from SuperOffice CRM when your app adds web-panels or other visual interface directly in the SuperOffice application.
    Best practice

    Look:

    • Either use Microsoft Windows standard looks, or copy the SuperOffice CRM looks, but don’t try to mix the two.
    • Hide unnecessary details behind a MORE >> button
    • Hide seldom used buttons behind a TASK menu button
    • Use buttons to indicate actions
    • Prefer selecting from a drop-down list to typing in a text field. Provide history or autocomplete if possible.
    • Help the user; disabled fields and buttons should provide an explanatory tooltip
    • Disable buttons that have no effect (i.e. disable the Save button when nothing has been changed)
    • Dialogs should arrange buttons along the bottom: Task, OK, Cancel
    • Avoid nesting tabs – multiple tab layers are confusing 
    • Avoid having different modes in the same display
    • Use progressive disclosure (i.e. use tooltip to show additional information on a list item)
    • Test your own software not only with SuperOffice CRM Online but also with frequently used 3rd part software

    Feel:

    10. Documentation

    Customer benefit

    • Proper product documentation will help the user help them self.
    Requirement
    • The add-on must have an installation guide available in at least one language if the user needs to set up something in CRM Online manually.
    • If the product is supported outside Scandinavia, an English, or country-specific, version must be available
    • The add-on should have a user guide available in each supported language
    • On upgrade, the add-on must have a release notes document available
    • Use catalog Screenshots, Presentation, Screencast, or Youtube video that we may link to from our AppStore. During provisioning, these may also be easily available for the administrator who performs the operation.
    Best practice
    • Provide SuperOffice and the certification team with the URLs so we may set them up correctly. We will at a later stage make it possible for you to edit your own applications.
    Remarks

    The installation guide should contain a troubleshooting section to help customer administrators/consultants cope with common issues.

    11. Release strategy

    Customer benefit
    • Error reporting and diagnosing faults becomes much easier.
    Requirement
    • Any new release of your application is your responsibility to verify that it still works
    • Before major upgrades of CRM Online, you will be notified and given access to a beta of our new release in our SOD updated environment. You must verify your app in this new environment
    • Certification tests are only run against the latest version.
    • You may continue to use web services from an earlier release until we announce EOL
    • Attend beta programs
    • Continuous delivery

    We recommend that you also run three parallel installations:

    • One against our development environment (SOD)
    • One against our staging environment (Stage)
    • One against our production environment (online.superoffice.com)
    • These require different installation URLs and Application Identity/Application Tokens.

    Best practice

    • Be part of the beta programs. Whenever SuperOffice Online releases a newer version we will notify you via the forums, you should sign up for email notification. Make sure you upgrade your application to use the latest version of our endpoints as soon as possible.
    Remarks

    You do not have to synch your version number to SuperOffice. 
     

    12. Support

     

    Customer benefit
    • Customers can get help from someone who can fix the problem.
    Requirement
    • The add-on must have at least one assigned support resource
    • Dedicated Phone / Email / Web page
    • Bug / Support Case Software
    • Forum
    • Training (video/web-based)
    Best practice
    • Easy access to a knowledge base or support pages from your app.
    Remarks

    Using tracking software like Customer Service, Trac, or Bugzilla is not required, but is encouraged.
     

    13. SuperOffice Online API Documentation

    NetServer Web Services: http://devnet.superoffice.com/documentation/sdk/SO.Server.Services/Index.html

    Example code:

    https://community.superoffice.com/en/crm-online/partners-and-app-store/how-to-develop-on-the-superoffice-online-platform/building-your-first-application/online-sdk-downloads/