Skip to main content

Partner Solution Development Standards

These Partner Solution Standards, including recommended best practices, are to ensure that Partner Solutions are created that meet OneStream Partner Solution development requirements. These Standards have been incorporated by reference into the Partner Solutions Development Supplement and together with the Universal Terms and Partner Schedule, govern the Partner’s participation in OneStream’s Partner Program (“Agreement”).

Base Standards

The following are the core coding and development standards that should be in place for any solution submitted to be included in Partner Solutions.

Testing

Before submitting solutions to Partner Solutions, it is expected that Partners have performed reasonable unit testing, performance testing, and quality assurance testing.

  • Partners are encouraged to test for any functional issues or bugs that may arise from a platform version update within the timeframes set forth in the Partner SLA Requirements, and further specified in the Partner Responsibilities section below.
  • Partners must also perform security testing and provide testing logs to OneStream upon request.
  • Any refactored solution must go through the full solution submittal process.

API Usage

  • Solutions must use the OneStream Business Rule API (BRApi) unless an API with equivalent functionality is published or otherwise agreed upon.
  • OneStream may change published and non-published public functions without prior notice. To request access to a non-published function, use the Unpublished API Request Form.
  • Partner Solutions may directly query OneStream core tables or solutions (e.g. TXM, OFC, ACM, SML, etc.), when a BRApi or API is not published to provide information from these tables. Updating, modifying, editing, or writing to the core or solution tables is prohibited.

Security

  • Solutions must parameterize SQL queries to prevent vulnerabilities like SQL injection attacks.
  • All parameters must be validated before and after running the solution.

Performance

  • Solutions with long-running synchronous jobs may be subject to suspension.
  • Excessive error logging may also lead to suspension.

Code Quality

  • Solutions must have commented code, error-handling checks, and user messages.

Installation and Uninstallation

  • Solutions must have an installer and an uninstaller that removes all created artifacts and data.
    • A good resource for what this should look like is the Solution Starter Kit found on Community Solutions. You can also check see the Uninstall Guide for more information.
  • A partial uninstall routine can also be provided.

Naming Convention

Operational Support

  • Partners are encouraged, but not required, to support their solutions.

External Libraries

  • Solutions must only use native core OneStream platform DLLs. In the event a non-native DLL is needed, Partner will submit the request via the Custom DLL Request Form.

OneStream Solution Review

Scans & Review Requirements

Code Scanning

  • All solutions created on Platform Version 8.0 will be scanned using Marketplace Solution Tools (MST) and/or other code-checking tools.
  • For solutions on v8.0 developers should use MST during development and before submission. MST checks for various potential issues, including:
    • Unsafe SQL queries
    • Unused SQL queries within command-type parameters
    • Unsupported solution or file types
    • Solution initialization failures
    • Missing database connection statements (Using() statements)
    • Uninitialized or untyped variables
    • Functions missing return types
    • References to external assemblies (.dll files), databases, or processes
    • Security violations related to user and group modifications

Code Review

  • OneStream may manually review solution code before approval.
  • Encrypted submissions must be resent in an unencrypted format.

Security Review

  • OneStream will conduct a manual security review and scan of solutions in an unencrypted format.
  • Encrypted submissions must be resent unencrypted.
  • Security tests will cover areas like access control and injection flaws.

Installation Tests

  • Solutions must pass installation tests, including:
    • Loading and uncompressing all solution files.
    • Verifying the presence of all created tables, dashboards, and business rules.
    • Ensuring data structure matches the solution's install guide.
    • Successful compilation of all business rules.
    • Successful loading of the solution.
  • All Partner Solutions must prompt for license key on first run.

Uninstall Tests

  • Solutions must pass uninstall tests, including:
    • Having an uninstall option in the solution settings.
    • Providing options for full and UI uninstallation in the uninstall dashboard.
  • Full uninstallation tests include:
    • Executing the full uninstall option.
    • Verifying the removal of all solution dashboards, UI elements, and business rules.
    • Verifying the removal of all solution tables and data.

Solution Removal

Any solution that causes performance or functional issues with OneStream offerings may immediately be suspended or removed. The solution will not be reinstated until the developer resolves the issue and resubmits it for approval by OneStream.

Partner Responsibilities

Documentation Requirements

All Partner Solutions must meet the below requirements to be listed in Partner Solutions:

  • Provide a Solution and Company icon, Partner Solution name, and point of contact.
  • Include a Solution Overview with the formatting as specified in the Solution Overview Template.
  • Provide OneStream the items required for the Partner Solutions listing as specified in the Partner Solution Listing Artifacts Guide.
  • A completed Partner Developed Solution Estimation, or upon the discretion and approval by OneStream, provide similar documentation for estimation.
  • A completed compliance and IT security vetting form, specified in the Partner Vetting Survey.

Solution Support Requirements

Partner Solutions are required to meet the below requirements as further specified in Partner SLA Requirements:

  • A documented service level agreement (“SLA”) with Customers that meets the minimum SLA support.
  • Provide key support organization and emergency point of contact for use by the OneStream Specialty Engineering team.

Supporting Documentation

Last updated on