My custom application is ready, what should I consider before I ask for a validation test?
Expander service subscription
Access to a customer's tenant from a custom application requires an active Expander service subscription license. The license is purchased by the customer.
If the subscription is discontinued, any custom applications will lose access to that tenant.
Security
Provisioning
- Workflow for giving consent to the tenant is implemented so the customer administrator may approve the apps access to the database.
Error handling
- The application handles scenarios where access to the customer's database is lost, such as during our maintenance windows. Check the tenant status page
Limit your searches
- API calls don't choke the database
- Ensure the user types at least 3 characters before you start searching for contacts, persons, email addresses, selections, and similar
- No more than 10 api calls per second
Protect your web panels
- Information doesn't leak via web panels (and thus forwarded to others who are not authorized)
- The context identifier template variable (uctx) and also the User login associate ID (usid) are part of the URL of all web panels you add
- usec is never passed as a parameter in the URL
System user and important rules
- Never rename the owner company (contact.name field for the company with contact_id found in the Company database table). If you do, our license check fails and all users are locked out!
- Persons may be associates - if they have a row in the associate table then
- don't update a person's company (person.contact_id)
You must protect the customer database from total destruction, which will require Online Operations to update the database manually. Use the system user with great caution.
Maintenance window
- You will handle unavailability scenarios such as when CRM Online is not available
I'm good to go!
Sign me up for validation