u/AppX_Unmanaged

The ones that haunt you. The 4 hour bugs that turned out to be a checkbox. The migration that broke because of a trailing space. The Flow that wouldn't fire because someone deactivated a profile in 2019.

Drop yours. The dumber the better.

Mine: spent half a day debugging why an Apex trigger wasn't firing on a specific record type. Turned out the test class was passing because someone wrote `System.assert(true)` and called it covered.

We all have one. The take that makes the rest of the team groan or argue with you in standups. Drop yours below. No wrong answers, just spicy ones.

I'll start with mine to get the temperature right:

Flow is overrated and Salesforce pushing it as the answer to everything has made admin work worse, not better. Apex was fine. Process Builder, despite being deprecated, was actually easier to debug than half the Flows people build today. "Click not code" became "click 47 times and pray."

Your turn.

Follow up to the rename cheat sheet. After 10 years of decoding Salesforce marketing, I made a translation guide. Sharing because someone needs to.

Product release lifecycle:

Beta = in production, but no support if it breaks

Pilot program = we're charging you to be our QA team

Limited release = expensive and unfinished

Generally Available = mostly works, sometimes

Sunset = deprecated, we're just softening the language

Retire = forced migration incoming

End of life = you have 18 months and no migration tool

Marketing buzzwords:

Composable = you have to assemble it yourself

Unified = we mashed three products together and called it strategy

Seamless integration = requires middleware and 3 implementation partners

Enterprise grade = expensive

Industry leading = ranked 4th in a Gartner report

AI powered = there's an LLM wrapper on it

Reimagined = renamed

Modernized = rebuilt from scratch, you'll need to migrate

Next generation = the previous version didn't work

Technical euphemisms:

Click, not code = until you hit the limits, then code

Low code = the code is still there, you just can't see it

No code = code exists, but a Salesforce employee wrote it

Out of the box = configurable, but the defaults will hurt you

Best practice = a workaround for limits we won't fix

Native = built by Salesforce (so you can't customize the parts you'd want to)

Roadmap and strategy words:

Roadmap = three slides in a Trailhead module

Strategic = we're investing here, expect three rebrands

Innovation = it's old elsewhere but new for us

First class citizen = we'll support it for now

Reduces complexity = adds three more products to the suite

Customer 360 = it was a product, then a strategy, then a tagline, now nobody knows

Sales call vocabulary:

"It's on the roadmap" = the AE has no idea but doesn't want to lose the deal

"That's a great question" = we don't have an answer

"Many of our customers do this" = one customer once did this

"It's a configuration, not customization" = it's code, but we won't call it that

"You can do this with Flow" = good luck

I'm definitely missing some. Drop the ones I forgot in comments and I'll keep updating.

Save this for the next vendor meeting.

Genuine question from someone who has been in the ecosystem for years and is losing track.

Is it:

- AppExchange or AgentExchange?
(Answer: AgentExchange since TDX 2026, but URLs still redirect from appexchange.salesforce.com)

- Service Cloud Voice or Salesforce Voice?
(Trailhead now says Salesforce Voice)

- Pardot or Marketing Cloud Account Engagement?
(Officially MCAE, everyone still says Pardot)

- Einstein or Agentforce?
(Both, depending on which deck you opened)

- Tableau CRM or CRM Analytics?
(CRM Analytics, with parts being absorbed elsewhere)

- Salesforce CDP or Data Cloud or Data 360?
(Data Cloud, with Data 360 as the new branding layer)

- Sales Dialer or Salesforce Voice?
(Being absorbed)

- Open CTI or whatever's replacing it?
(Open CTI deprecates Feb 28, 2028)

- Agentforce Contact Center or Agentic Contact Center or Salesforce Voice?
(Yes)

I've been in the Salesforce ecosystem for years and I genuinely cannot keep these straight in real time.

What am I missing? Drop more in comments.

I've spent the last few years working with ISVs going through the AppExchange listing process and figured I'd write up everything I wish I'd known before the first one. The marketing pages are useless and the official docs are scattered across 30+ help articles. Hopefully this saves someone a few weeks.

This covers the full path: Partner Program, managed packages, Business Plan Review, Security Review, costs, revenue share, and the AgentExchange rebrand from TDX 2026.

What is Salesforce AppExchange (and what changed in 2026)

AppExchange is the official Salesforce app marketplace where ISVs list managed packages, integrations, and now Agentforce agents. At TrailblazerDX 2026, Salesforce unified AppExchange, AgentExchange, and Slack Marketplace under the AgentExchange brand, with a $50M Builders Initiative aimed at small ISVs.

What actually changed:

- Existing listings, reviews, ratings, and package IDs all carry over. No relisting required.

- Search is now intent based via Data 360 semantic search. Keyword stuffed listing copy is going to lose ranking. Listings written as answers to specific buyer problems will benefit.

- Agentforce native categories (Actions, Topics, Prompt Templates, Agent Templates) are first class listing types now, getting promotional priority during the launch wave.

- Unified billing across Salesforce and Slack. Single contract path for buyers, real procurement win.

- Security Review, Business Plan Review, ISVforce and OEM agreements are all unchanged.

The Salesforce ISV Partner Program

A Salesforce ISV (Independent Software Vendor) is a partner that builds and distributes software on the Salesforce platform, typically as managed packages on AppExchange. Joining the Partner Program is free.

Two agreement types matter:

ISVforce. Customer must have their own Salesforce license. Salesforce takes 15 percent of your revenue (10 percent on revenue above $20M annually). Best for add ons that extend Salesforce.

OEM Embedded. You bundle a Salesforce license into your product. Customer never knows they're on Salesforce. Salesforce takes 25 percent (15 percent above $20M). Best for standalone products built on the platform.

If your buyer already runs Salesforce and your app extends it, ISVforce. If you're hiding the platform from your buyer, OEM.

To become a partner:

1. Apply at partners.salesforce.com (1 to 3 weeks)

2. Sign the Partner Master Agreement

3. Complete Trailhead onboarding

4. Get a Partner Developer Edition org and namespace

5. Sign your ISVforce or OEM agreement when ready to list

Managed packages, the actual hard part

A managed package is the versioned, upgradable container of Salesforce metadata that ISVs distribute. For any paid AppExchange listing you need a managed package, full stop. Unmanaged packages are useful only for templates and reference implementations.

If you're starting today, build on 2GP (Second Generation Packaging) using a Dev Hub. 1GP still works but Salesforce is steering everyone toward 2GP. Migration from 1GP to 2GP is supported but non trivial.

The traditional path requires a Salesforce developer who knows the dance: sf project setup, namespace registration through a Developer Edition org, package and version creation via SFDX, proper test coverage above 75 percent, FLS and CRUD checks on every DML operation, and clean architecture for security review. A typical mid sized package takes 3 to 9 months to build properly.

This is the part most founders underestimate. Salesforce specific gotchas (governor limits, packaging dependencies, namespace decisions, sharing rules) compound expensively when handled by teams without ecosystem experience. I've seen multiple companies burn $200K+ with offshore teams that produced packages which couldn't pass security review.

How to list on Salesforce AppExchange

The end to end sequence:

1. Partner Program application (free, 1 to 3 weeks)

2. Build managed package (3 to 9 months traditional, faster with newer tooling)

3. Submit Business Plan via Partner Center

4. Business Plan Review (2 to 4 weeks)

5. Set up License Management App (LMA)

6. Configure listing in Partner Console

7. Submit for Security Review

8. Security Review (4 to 8 weeks first attempt, often 2 to 3 cycles total)

9. Publish listing

10. Set up Channel Order App (COA) if billing outside Partner Checkout

Realistic end to end: 4 to 9 months for a first time ISV. Build phase dominates the timeline.

Business Plan Review is where a lot of founders trip. Salesforce wants a real GTM doc, not a form. Common rejections: vague pricing, fuzzy ICP, no competitive analysis, weak monetization story (especially for free apps with no clear paid path). Treat it like a YC application for Salesforce.

Security Review, the other hard part

Security Review is mandatory for paid apps and most free apps that handle sensitive data. Salesforce's Product Security team checks for SOQL injection, XSS, CSRF, broken access control, hardcoded credentials, missing FLS/CRUD checks, and a long list of platform specific issues.

The fees. $999 per submission attempt for paid apps. Free for free apps. Most ISVs budget for at least 2 attempts because first time pass rates are well below 50 percent.

The timeline. Salesforce officially says 4 to 5 weeks for a first review. In practice, total time from first submission to passed averages 8 to 16 weeks for first time ISVs because of common findings and resubmissions.

What they actually check. Static code analysis (Salesforce Code Analyzer / Checkmarx), dynamic scans on external endpoints (OWASP ZAP, Burp), manual penetration testing, architecture review, and documentation review. They want to see Named Credentials for external callouts, Remote Site Settings configured, escape directives in Lightning markup, with sharing keywords on Apex classes, and proper test coverage.

If you fail. You get a detailed findings report. Fix, pay another $999, resubmit. There's no permanent rejection. Most apps pass on attempt 2 or 3.

The single biggest predictor of passing on the first try is internal hardening before submission. Run Code Analyzer on the full codebase, address every High severity issue, run OWASP ZAP on external endpoints, and document your architecture clearly. ISVs that skip this and submit raw fail almost universally.

What it actually costs to publish on AppExchange

Ignoring development cost, the AppExchange specific costs:

- Partner Program membership: $0

- Business Plan Review: $0

- Security Review: $0 free apps, $999 per attempt paid apps

- Listing setup: $0

- Salesforce revenue share: 15 percent ISVforce, 25 percent OEM (reduced rates above $20M annual revenue)

Development cost is where the real money goes. Traditional Salesforce development on AppExchange ranges from $40K (lean utility) to $500K+ (enterprise grade). PDOs like CodeScience, Aquiva Labs, Concretio, and Noltic typically charge $150 to $250 per hour with $80K+ minimums. AI native packaging platforms (this is where my disclosure goes, see bottom) compress this to days for many use cases.

Factor in 15 to 25 percent of build cost annually for maintenance.

Is AppExchange worth it for small ISVs and SaaS?

The honest answer: yes if you fit, but not for the reason most people think.

AppExchange is a credibility and procurement unlock, not a top of funnel channel in year one. Listing alone does not generate installs at meaningful volume for most categories. Search volume and competition mean you're not getting discovered through marketplace browse for most app types.

Where it creates real value:

- Salesforce admins evaluating tools strongly prefer apps with passed Security Review

- Enterprise procurement is dramatically smoother for pre vetted apps

- Native install reduces sales friction on technical evaluations

- Reviews and ratings provide ongoing social proof

- Co-selling motion with Salesforce AEs unlocks above $1M ARR

Where it doesn't:

- It's not a primary acquisition channel

- The 15 to 25 percent revenue share materially affects unit economics on lower priced products

- You still need outbound, content, and SI partnerships to drive pipeline

If your buyer is a Salesforce admin or RevOps leader, list. If your buyer doesn't use Salesforce, the OEM Embedded path may not pencil out depending on your pricing.

Native vs middleware (Mulesoft, Zapier, iPaaS)

For B2B SaaS adding a Salesforce integration, the choice is usually native managed package vs iPaaS layer.

Native managed package wins when: your integration is Salesforce centric, data primarily lives in Salesforce, you want zero external infrastructure for the customer, and you want listing visibility.

iPaaS (Mulesoft, Workato, Boomi) wins when: you're connecting many systems beyond Salesforce, the integration logic is complex transformation heavy, or the customer already standardizes on an iPaaS layer.

For most B2B SaaS "Salesforce integration as a checkbox" requirements, native wins on customer experience, security review credibility, and zero customer ops burden.

Summary playbook

If you're a SaaS founder thinking about AppExchange in 2026:

1. Apply to Partner Program now (it's free and takes weeks to get through)

2. Decide ISVforce vs OEM based on whether your buyer already runs Salesforce

3. Build on 2GP, not 1GP

4. Treat Business Plan Review like a real GTM doc

5. Don't underestimate Security Review. Budget for 2 to 3 cycles and pre-harden before submission

6. List a managed package and an Agentforce action together if you can. The launch wave is real

7. Don't treat the listing as a pipeline channel. Build outbound, content, and SI partnerships in parallel

8. Re-read your listing copy as if it were an FAQ for your buyer's job to be done. Keyword stuffing is dead on AgentExchange semantic search

Happy to dig into any specific stage in comments.

---

Disclosure: I cofounded Appnigma. We generate native Salesforce managed packages from natural language prompts, so I see this whole stack from the ISV side regularly. Wrote this guide as the resource I wish existed when I was figuring this stuff out. Not a pitch, no link, just sharing what I've learned.