[object Object]

Marketplace extensions are tempting because they look like free wins. Some are. Many add custom modules, custom functions, and outbound webhooks you’ll spend years cleaning up. Vet before you install.

The 12-Point Checklist

Before any extension reaches production:

  1. Vendor maturity — How many installs? Last update date? Active support?
  2. Permissions requested — Read-only or read-write? Which modules?
  3. Data egress — Does it send data outside Zoho? Where? Which DC?
  4. Custom modules added — How many? What do they store?
  5. Custom fields added — Per module, how many?
  6. Workflow rules added — How many? On which modules?
  7. Custom functions — Source code visible? In what runtime?
  8. Outbound webhooks — Where do they call?
  9. OAuth scopes — Narrow or broad?
  10. Uninstall behavior — Does it leave data behind?
  11. Pricing model — Per-user, flat, usage-based?
  12. Vendor’s own privacy policy — Specifically, do they store customer data on their side?

If the listing doesn’t answer most of these, treat that as the answer.

Install in Sandbox First

Always. Every time. Take a snapshot of:

- Custom module count
- Custom field count per module
- Workflow rule count
- Custom function count
- Outbound URLs in webhook list

After install, diff. If the extension added 14 fields to Leads when its job is to sync calendar events, dig deeper.

The Uninstall Trap

Many extensions leave their custom modules and fields behind on uninstall — Zoho can’t safely delete what might contain your data. Plan the uninstall:

  • Export any data you need from the extension’s modules.
  • Uninstall.
  • Manually delete leftover modules, fields, and workflow rules.

Do this in sandbox first to confirm the cleanup steps.

Watch for Permission Creep

Extensions occasionally update their requested scopes. The next version asks for write access where the previous one needed read. Zoho prompts on update; don’t blindly approve.

Self-Built vs Marketplace

For high-leverage workflows (lead routing, scoring), build internally. Marketplace is best for:

  • Telephony connectors (proven category).
  • E-signature (commodity).
  • Specific industry data enrichers.

Avoid for: anything you can do with Deluge in under 200 lines.

What to Do This Week

  1. Inventory your installed extensions; note install date and last vendor update.
  2. Run the 12-point checklist against your top three.
  3. Drop any extension where the vendor hasn’t updated in 12 months.
  4. Sandbox-test the uninstall path for one you might remove.
[object Object]
Share