100% Salesforce Native

Integrations fail silently.
Not anymore.

Auto-discover, monitor, and protect every Salesforce integration endpoint. Circuit breakers, smart alerts, full analytics—all inside your org.

Get Started Free How It Works
callout-guardian / dashboard
71
Endpoints Up
2
Down
4
Degraded
96.2%
Health Score
EndpointStatusResponseUptime
api.stripe.comUP142ms99.98%
auth0.com/oauthUP89ms99.95%
legacy-erp.internalDOWN94.21%
smtp-relay.corpSLOW2,340ms97.50%
s3.amazonaws.comUP67ms99.99%
100% Native Salesforce
0 External Dependencies
133 Apex Classes
Per-Org Licensing

The Problem

Your integrations break. In silence.

Named Credentials misconfigured. SSL certificates expired. Third-party APIs returning 500s. By the time someone reports it, the damage is done.

83%
of integration failures are discovered by end users, not monitoring
4.2h
average time to detect an outage without proactive monitoring
$5,600
per minute—average cost of critical integration downtime
✖ Without Callout Guardian
Integrations fail. Nobody knows.
  • No visibility on active endpoints
  • Alerts only when a customer complains
  • MTTR > 4 hours (manual investigation)
  • SSL certs expire without warning
  • No circuit breakers — cascading failures
  • SLA reports impossible to produce
✔ With Callout Guardian
Real-time detection. Auto-resilience.
  • Auto-discovery: 8 sources, every endpoint
  • Proactive multi-channel alerts (email, Slack, webhook)
  • MTTR < 15 min (guided runbooks)
  • SSL alerts J-30/14/7/1 + auto TLS inspection
  • Circuit breaker + retry + bulkhead + fallback
  • SLA compliance reports auto-generated

How It Works

Up and running in 60 seconds.

No config files. No external servers. Just install, discover, and monitor.

Install
One-click install from AppExchange. No dependencies, no external services required.
Discover
Auto-scans 8 sources: Named Credentials, Remote Sites, Apex, Flows, Certificates, and more.
Monitor
Scheduled health probes with 17 error classifications. Real-time dashboard and Platform Events.
Protect
Circuit breakers, retry, bulkhead, fallback. Alerts via email, Slack, Teams, and webhooks.

Guided Setup

Your first health check in under 2 minutes.

The built-in Setup Wizard walks you through every step—no documentation required.

1
Permission Setup
Assign Permission Sets to admins and viewers
2
Discovery Scan
Auto-detect all integration endpoints in your org
3
Configure Alerts
Choose notification channels and escalation rules
4
Activate Monitoring
Schedule health checks and view your first results
Ready to Go
Your org is protected
Callout Guardian — Setup Wizard
Permission Setup
Assign the right access levels. Four built-in Permission Sets cover every role.
CG Admin — Full config, manage endpoints & alerts
CG Viewer — Read-only dashboard access
CG Alert Recipient — Receive alert notifications
CG API User — REST API & webhook access
Discovery Scan Results
We scanned 8 metadata sources and found your integration endpoints automatically.
🔒 Named Credentials 12
🌐 Remote Sites 23
🛡 CSP Trusted 8
🗂 External Data 3
Apex Code 31
🔄 Flows 5
📄 Ext. Services 0
🔐 Certificates 6
88 endpoints discovered across 7 sources — ready to promote
Alert Configuration
Pick your notification channels. Mix and match per severity level.
✉️ Email Alerts
Native Salesforce email. No config needed beyond recipient list.
💬 Slack
Incoming webhook to any channel. Rich message formatting.
👥 Microsoft Teams
Connector webhook with Adaptive Card layout.
🔗 Webhooks
HMAC-signed payloads to any endpoint. Retry with exponential backoff.
Escalation Policies Cooldown Windows Maintenance Schedules
First Health Check Running
Monitoring is live. Here are your first probe results across all promoted endpoints.
Healthy (UP)
61
Degraded
9
Down
4
Unknown
4
🕑 Next scheduled check in 4m 32s — runs every 5 minutes
🛡
Your Org Is Protected
Callout Guardian is actively monitoring 78 endpoints across 7 integration sources. You'll get alerted the moment anything fails.
Total setup time: 1m 47s

Capabilities

Eight modules. One command center.

Everything your org needs to tame integrations, from discovery to recovery—and beyond.

🔍

Auto-Discovery

Scans your entire org to find every integration endpoint. Named Credentials, Remote Sites, Apex code, Flows, External Services—nothing hides. New endpoints trigger automatic TLS inspection on discovery.

Named Credentials Remote Sites CSP Trusted Sites External Data Sources External Services Outbound Messages Apex Scanner Flow Scanner
🔐

Certificate Intelligence

Full TLS lifecycle management. Chain validation, expiry calendar, renewal pattern analysis, and authority health tracking across every endpoint.

api.stripe.com — TLS 1.3 — 247d auth0.com — TLS 1.2 — 14d legacy-erp — TLS 1.1 — DEGRADED s3.aws — TLS 1.3 — 189d 🔗 Chain: Root → Inter → Leaf ✓ 📅 Renewal pattern: Q2 spike
Chain Validation Expiry Calendar TLS Version Check Multi-SAN CA Health
🟢

Health Monitoring

Continuous probes with 17 error classifications. Knows a timeout from a DNS failure from a rate limit. Health scores and real-time Platform Events.

17 Error Types Health Score Dynamic Batch Platform Events

Circuit Breaker & Resilience

Stop cascading failures. Auto-trip, configurable thresholds, half-open recovery, plus retry, timeout, bulkhead, and fallback patterns.

Circuit Breaker Retry Timeout Bulkhead Fallback
🔔

Smart Alerting

Multi-channel alerts with escalation policies, suppression cooldowns, maintenance windows, and native PagerDuty / OpsGenie integration.

Email Slack Teams PagerDuty OpsGenie Escalation
📈

Analytics & Intelligence

Trend sparklines, anomaly detection, failure prediction, risk heatmap, and blast radius impact analysis. SLA compliance with SSL uptime split.

Risk Heatmap Blast Radius Sparklines Anomaly Detection Failure Prediction SLA Reports Auto Post-Mortem
🚀

Ops & Integration

Public status page, executive digest emails, Terraform/CLI config export, and webhooks to plug into your existing monitoring stack.

Status Page Digest Email Terraform Export REST API HMAC Webhooks

UX & Developer Experience

Interactive guided runbooks for all 17 error types. Dark mode with --g--dark tokens. Onboarding tour with contextual tooltips. Developer portal with full API docs.

Guided Runbooks Dark Mode Onboarding Tour Developer Portal Rate Limits

All Features

The complete feature breakdown.

Every capability, organized by module. Tier badges show minimum required plan.

🔍
Discovery
Named Credential scanner Free
Remote Site Settings scanner Free
CSP Trusted Sites scanner Free
External Data Sources scanner Free
External Services scanner Pro
Outbound Messages scanner Pro
Apex code scanner (Tooling API) Pro
Flow callout scanner Pro
Auto-config with service presets Pro
Continuous discovery (scheduled) Pro
Discovery reports & stats Pro
Auto TLS check on endpoint discovery Pro
🔐
Certificate Intelligence
SSL certificate expiry alerts (J-30/14/7/1) Free
Cert expiry calendar LWC Free
TLS auto-inspection (Heroku) Pro
Chain validation dashboard (Root → Leaf) Pro
TLS version check (1.0/1.1 flagged DEGRADED) Pro
Multi-SAN certificate tracking Pro
Certificate authority health tracking Pro
Webhook events for cert expiry Ent
CertRenewalPatternAnalyzer (renewal recs) Ent
SLA with SSL uptime split Ent
🟢
Health Monitoring
HTTP HEAD/GET health probes Free
17 error type classifications Free
Configurable probe intervals Free
Response time tracking Free
Consecutive failure counting Free
Dynamic batch size optimization Free
Health score calculation Free
Platform Event real-time updates Free
Resilience Engine
Circuit breaker (CLOSED/OPEN/HALF_OPEN) Pro
Configurable failure thresholds Pro
Manual force-open / force-close Pro
Retry with exponential backoff Pro
Configurable timeout per endpoint Pro
Bulkhead pattern (concurrency limits) Pro
Fallback strategies (cached / static) Pro
Fluent wrapper API (CalloutGuardian.send) Pro
Circuit breaker dashboard & heatmap Pro
🔔
Alerting & Incidents
Email alerts (Salesforce native) Free
Slack channel notifications Pro
Microsoft Teams notifications Pro
Custom webhook alerts Pro
Escalation policies (multi-level) Pro
Alert suppression & cooldowns Pro
Maintenance windows Pro
PagerDuty native integration Ent
OpsGenie native integration Ent
Incident tracking (MTTD/MTTR) Free
Alert history & acknowledgment Free
📈
Analytics & Intelligence
Trend analysis with sparklines SVG Pro
Anomaly detection (auto-baseline) Pro
Failure prediction (FailurePredictor) Ent
Risk heatmap LWC Ent
Blast radius impact analysis (BFS) Ent
Incident post-mortem auto-generation Ent
Dependency mapping visualization Ent
SLA compliance reports Ent
Endpoint auto-tagging (rules) Free
Business criticality scoring Free
🚀
Ops & Integration
Scheduled digest email (ExecutiveReportService) Pro
Public status page (Site + REST) Ent
REST API (endpoints, incidents, alerts) Ent
HMAC-signed webhooks Ent
API rate limiting (tier-based) Ent
Terraform / CLI config export Ent
UX & Administration
Setup wizard (guided onboarding) Free
Admin panel (config overview) Free
Dark mode (--g--dark design tokens) Free
Onboarding tour (contextual tooltips) Free
Guided runbook execution (17 error types) Pro
4 Permission Sets (Admin, Viewer, Alert, API) Free
Custom Labels (EN + FR, i18n ready) Free
Data retention batch (configurable) Free
Developer portal (LWC) Ent
PostInstall & UninstallHandler Free

Developer Experience

Three lines to protect a callout.

Wrap any HTTP callout with circuit breaker, retry, timeout, and bulkhead in a single fluent call.

REST API Endpoints
GET /services/apexrest/cguard/v1/endpoints
GET /services/apexrest/cguard/v1/incidents
POST /services/apexrest/cguard/v1/alerts
GET /services/apexrest/cguard/v1/health
MyService.cls
// Before: raw HttpRequest, no protection // After: full resilience in one call GuardianResponse res = CalloutGuardian.send( 'https://api.stripe.com/v1/charges', new CalloutOptions() .setMethod('GET') .setTimeout(10000) .setRetries(3) .setCircuitBreaker(true) .setFallbackValue('cached') ); if (res.isSuccess) { // Process response } else if (res.fallbackUsed) { // Graceful degradation }

By the Numbers

Enterprise-grade. Proven at scale.

133
Apex Classes
63
LWC Components
17
Error Types
8
Discovery Sources
20
Config Types (CMT)
1,116
Labels (EN + FR)

Security & Compliance

Designed for AppExchange. Security Review Ready.

Every line of code built to pass Salesforce Security Review and Checkmarx analysis. Feature-complete and ready for AppExchange submission.

🔒
CRUD/FLS Enforced
WITH SECURITY_ENFORCED and Security.stripInaccessible() on every query.
🚫
No Data Leaves Your Org
Zero external servers. All data stored in your Custom Objects. Period.
🕵
Sensitive Headers Masked
Authorization, Cookie, API keys automatically stripped before storage.
Checkmarx Clean
Zero CRITICAL/HIGH findings. No SOQL injection, no XSS, no hardcoded secrets.

Pricing

Start free. Scale when ready.

Per-org licensing—no per-user fees. Every user gets full access at your tier.

Free
$0 / org / mo

Essential monitoring for small orgs.

Up to 5 endpoints
4 discovery sources (SOQL)
Health checks + email alerts
7-day data retention
SSL certificate expiry alerts
Circuit breaker & resilience
Get Started Free
Most Popular
Pro
$49 / org / mo

Full resilience for growing teams.

Up to 50 endpoints
8 discovery sources (+ Tooling)
Circuit breaker, retry, bulkhead
Anomaly detection + trends
Multi-channel alerts + 1 webhook
90-day retention + email support
Get Pro at Launch
Enterprise
$149 / org / mo

Unlimited scale + predictive intelligence.

Unlimited endpoints
Everything in Pro
Failure prediction + dependency map
SLA compliance reports
REST API + unlimited webhooks
Priority support + configurable retention
Contact Sales

Estimate your investment

Drag the slider to see per-org pricing across tiers.

10
Free $0 /mo — up to 5 endpoints
Pro $490 /mo — full resilience
Enterprise $1,490 /mo — unlimited + API
Feature comparison across Free, Pro, and Enterprise tiers
FeatureFreeProEnterprise
Discovery
Monitored endpoints550Unlimited
SOQL-based scanners444
Tooling API scanners44
Auto-config (service presets)
Continuous discovery
Monitoring
Health check probes
17 error classifications
Certificate monitoring3UnlimitedUnlimited
TLS auto-inspection
Certificate Intelligence
Expiry alerts & calendar
Chain validation & TLS version
Multi-SAN & CA health
Renewal pattern analysis
Resilience
Circuit breaker
Retry & timeout
Bulkhead & fallback
Alerting
Email alerts
Slack / Teams
Escalation policies
Maintenance windows
Intelligence
Trend sparklines & anomaly detection
Failure prediction & risk heatmap
Blast radius & dependency mapping
Auto post-mortem & SLA compliance
Ops & Platform
REST API
Webhooks1Unlimited
Status page & Terraform export
Digest email reports
PagerDuty / OpsGenie
UX & Admin
Dark mode
Guided runbooks (17 types)
Onboarding tour
Data retention7 days90 daysConfigurable
SupportCommunityEmailPriority

FAQ

Common questions.

No. 100% Salesforce-native. All data stays in your org's Custom Objects. The only outbound traffic is health check probes to endpoints you configure.
Enterprise, Developer, and Unlimited. Uses Platform Cache where available, falls back to Custom Settings on editions without it.
Per-org, not per-user. Install once, every user with the right Permission Set gets full access. No seat counting, no per-user fees.
Your data stays. The UninstallHandler cleans up scheduled jobs, but all records in Custom Objects remain under your control until you delete them.
Health probes count toward callout limits. The batch scheduler auto-optimizes batch sizes using dynamic sizing to stay within governor limits. Config loads from CMT (zero SOQL cost).
Built from day one to pass Salesforce Security Review and Checkmarx. Enforces CRUD/FLS everywhere, masks sensitive headers, no innerHTML/eval in LWC, no hardcoded secrets. All 133 production classes and 132 test classes are feature-complete and ready for submission.
Absolutely. Named Credentials are one of the 8 discovery sources. Health probes respect your org's Named Credential authentication automatically.
Yes. The Free tier (5 endpoints, 4 sources, email alerts, 7-day retention) is permanently free with no credit card required. Upgrade only when you need more.

Real-World Scenarios

Built for teams who can’t afford silent failures.

Three scenarios where Callout Guardian changes the outcome.

Discovery

Shadow endpoints uncovered

A financial services org runs their first auto-discovery scan. Callout Guardian finds 23 undocumented endpoints—including 3 with expired SSL certificates that no one was monitoring.

Full integration inventory in under 60 seconds. Zero blind spots.
Resilience

Stripe outage, zero user impact

An e-commerce platform’s payment gateway goes down during peak hours. The circuit breaker detects the failure in 3 calls, activates the fallback, and queues retries automatically.

2,000 transactions protected. Automatic recovery when gateway returns.
Setup

90 seconds from install to monitoring

A healthcare admin installs the package. The setup wizard auto-discovers Named Credentials, applies service presets, and starts health checks—before the admin finishes reading the docs.

No configuration needed. Intelligent defaults do the work.

Why Native Matters

Everything runs inside your org.
Nothing leaves it.

Unlike external APM tools, Callout Guardian is a 100% Salesforce-native managed package. Here’s why that changes everything.

Zero data egress

Monitoring data never leaves your Salesforce org. No external servers, no third-party storage, no additional DPAs to sign. Your security team will love it.

Datadog / New Relic Requires exporting logs & metrics to external cloud

Governor-limit aware

Dynamic batch sizing, CMT-based config (zero SOQL), async log flushing. Built by Salesforce architects who understand the 100-callout limit isn’t optional.

External APM Blind to Salesforce limits—can’t optimize batch sizes or callout budgets

One platform, one UI

No tab-switching between Salesforce and an external dashboard. Circuit breakers, alerts, incidents, and analytics all live where your admins already work.

Standalone tools Separate login, separate billing, separate context

Install in 90 seconds

No agents to deploy, no firewall rules to open, no infrastructure to provision. Install the package, run the wizard, and monitoring starts automatically.

Agent-based monitoring Requires infrastructure, network config, ongoing maintenance

Ecosystem

Monitors every service you rely on

Auto-discovery finds Named Credentials, Remote Sites, External Services, Apex HTTP calls, and more.

Salesforce Stripe SAP SendGrid HubSpot Datadog Okta AWS Slack Workday Twilio ServiceNow MuleSoft Azure Adyen DocuSign Jira NetSuite

Get notified when Callout Guardian launches.

All features are built, tested, and Security Review ready. Leave your email and we’ll notify you the moment it’s live on AppExchange—plus early adopters get 3 months of Pro free.

No spam. Unsubscribe anytime. See our Privacy Policy.