Aquiva blog
Field notes from the practice
What we're learning shipping AI-assisted software on Salesforce and the broader cloud, written by the engineers and architects doing the work.
Mandatory Security Requirements for Connected Apps and External Client Apps Required by May 11, 2026
Salesforce has set a firm May 11, 2026 deadline for five new security controls on Connected Apps and External Client Apps. Here's what AppExchange partners actually need to ship — and what comes after.
The True Cost of a Customer Data Breach
A Salesforce data breach can cost mid-market companies millions—often exceeding annual revenue. From stolen customer records and mass churn to downtime, legal fees, and regulatory fines, the real impact is far worse than most leaders expect. This breakdown shows where the costs come from, what real-world breaches look like, and why visibility into Salesforce activity is no longer optional.
Grubhub Breach: Salesforce OAuth Tokens and Connected App Risk
Grubhub’s breach shows how stolen OAuth tokens can bypass SSO/MFA in Salesforce. Audit Connected Apps, revoke stale authorizations, and monitor API exports.
Aquiva Key: Unlocking Simple and Secure API Monitoring for Salesforce
Jakub Stefaniak explains why Salesforce API monitoring matters, what to watch for, and how to spot suspicious connected app behavior early.
AppExchange Partners: Salesforce Now Expects You to Monitor API Usage
Learn how AppExchange partners can monitor API activity and ensure Salesforce security with sAPIm. Get real-time insights and protect your Partner Business Org and Packaging Org
What Happened: The ForcedLeak in Salesforce Agentforce
Explore Salesforce security best practices, including encryption, API monitoring, and MFA to safeguard your data from evolving threats
Salesforce Security Starts with API Usage Monitoring
It’s Monday, 08:12. Your inbox says: “API usage reached 85% of your daily limit.” On Saturday. Nobody was supposed to be working. You open Salesforce to piece it together and hit a wall. The standard logs show only the last day. Saturday has already fallen off the edge. No reply. No trail. Just an alert...
Salesforce Connected Apps Security Update: Restrictions and Data Loader Changes (Q3 2025)
It might start with something simple. An admin testing a new integration. A developer trying out a handy tool. A user installing a connected app to make their workday easier.These small moments of convenience are exactly why Salesforce is tightening security around connected apps and the Data Loader tool. Beginning late August and early September...
When a Friendly Voice Becomes a Threat: What the Latest Extortion Campaign Means for Your Salesforce Org
It began, as these incidents often do, with a phone call. An employee, possibly busy and a bit rushed, answered what seemed to be a routine call from IT support. The caller was professional, courteous, and spoke with a sense of urgency. They claimed there was a problem with Salesforce data access and asked the...
A Deep Dive Into Salesforce External Client Apps
Explore the features and benefits of Salesforce’s External Client Apps and how they outperform Connected Apps for seamless integrations.
Navigating the Salesforce Security Review: What To Expect and How To Prepare
AppExchange security review is essential and it is important know how to prepare for it, and how to leverage Salesforce’s strict security requirements to ensure your product is ripe for the marketplace. In this article you will learn about all steps and details!
How to Work With Your Platform Partners and Reduce Supply Chain Security Risk
In this third and last blog series about supplier risk management, we will focus on the platform partners and their security risks. Learn how to leverage supplementary technology without jeopardizing your system’s integrity.
Subcontractor Risk Management & Supply Chain Security 2025
Learn how to reduce supply chain security risks through subcontractor risk management and compliance best practices to secure your digital supply chain.
Adapting to a Changing World: Why Supplier Risk Management Is Crucial for Success
In this Risk Management article, we’ll take a look at what Supplier Risk Management is, why it’s so important, and how to comprehensively assess your business's risks. We’ll also share how Aquiva Labs evaluates partners and platforms we rely on, as well as steps we proactively take to ensure that we are a responsible strategic development supplier to partner with.
