What’s the difference between Passed, Provisional Pass, and Failed?

If you’ve been granted Pass or Provisional Pass on your security review, it means we didn’t find any high risk vulnerabilities in your application. For Provisional Pass applications, we likely found medium risk vulnerabilities. We’ll work out a mutually acceptable timeline for you to remedy these items. In the meantime, we’ll give you the API token and you can list your application on the AppExchange. For a Failed application, you’ll first need to remedy the issues found before you can list your application on the AppExchange or get access to the API token.