Table of Contents
Shopify’s App Store is one of the most trusted marketplaces for merchants looking to extend their stores with new functionality. However, getting an app approved is more than simply building useful features. Every submission must meet Shopify’s technical, security, billing, user experience, and listing requirements before it can be published.
Failing to comply with these guidelines can lead to delays, repeated review cycles, or outright rejection. This guide explains the key Shopify App Store requirements, why they exist, and the best practices developers should follow to improve their chances of a smooth approval process while creating a secure and reliable experience for merchants.
Key Takeaways
- Operates entirely within Shopify’s platform, with no offsite checkout, unauthorized payments, or unapproved marketplace behaviour.
- Bills exclusively through Shopify App Pricing or the Shopify Billing API.
- Uses the GraphQL Admin API, authenticates via OAuth immediately, and runs without UI bugs or web errors.
- Requests only the access scopes it actually needs, over a valid TLS/SSL connection.
- Has a listing with accurate, non-promotional copy, correctly placed pricing, and no testimonials or unsubstantiated claims.
- Meets any additional category-specific requirements relevant to its function (online store, payments, subscriptions, checkout, sales channel, and so on).
- Avoids deceptive checkout patterns, no hidden charges, no manipulated shipping defaults.
Why These Guidelines Exist?
Shopify states that to qualify for the Shopify App Store, an app must meet a defined list of requirements, each one designed to uphold app quality standards. Some requirements apply to every app, while others are category-specific, depending on what the app does.
These requirements aren’t static, Shopify notes they are “subject to change” as the platform and developer tools evolve, and apps are expected to keep up with new requirements as they are added. The App Excellence Team conducts regular quality checks, and the Shopify App Review team retains discretion to reject apps that don’t meet the bar, even outside the explicit checklist.
Not sure your app checks every box on Shopify’s list? Talk to our Shopify app development team and get it review-ready.
Shopify App Store Guidelines
1. Policy: Operating Within Shopify’s Platform
The foundation of every requirement is the Partner Program Agreement. Partners are expected to act in good faith and in the best interests of merchants and buyers and must not circumvent critical platform functionality.
A major theme here is that apps must be secure, truthful, and privacy-safe, and must operate within, not around, Shopify’s core systems. This rules out apps that provide unauthorized services such as offsite payments, unapproved marketplaces, agency brokering, unauthorized content copying, refunds outside the original processor, or capital lending.
Checkout Integrity: Apps can’t bypass Shopify checkout or payment processing, and offsite checkouts that Shopify can’t guarantee the safety of are prohibited.
No Duplicate Apps: Apps must be unique, not identical to other apps the same developer has already published.
Web-Based Only: Apps must not require a desktop application to function.
Factual Listings: No fake reviews, false purchase notifications, or deceptive claims; listings must only include factual information.
Single-Merchant Storefronts: Apps that turn stores into classifieds-style marketplaces aren’t allowed; true marketplace platforms should apply as sales channels instead.
No Capital Lending: Apps offering loans, cash advances, or purchase of receivables are not permitted.
No Agency Brokering: Apps can’t connect merchants to external agencies or freelancers.
Session Token Authentication: Embedded apps must function without relying on third-party cookies or local storage, including in Chrome incognito mode.
Optional Browser Extensions: Browser extensions are only permitted as an optional feature, never as the app’s core requirement.
Refunds via Original Processor: Refunds must go through the original payment processor, and store credit refunds must use approved mutations.
Shopify POS Only: Apps connecting to a POS system outside Shopify currently aren’t accepted.
Theme Store Direction: Apps must not let merchants download themes outside the official Shopify Theme Store.
Billing rule: Apps that use off-platform billing cannot be distributed through the Shopify App Store. Charges must go through Shopify App Pricing or the Shopify Billing API, and merchants must be able to upgrade or downgrade plans without contacting support or reinstalling the app.
There are also rules around buyer trust at checkout: apps can’t pre-select optional charges that raise the order total without explicit buyer consent, and they can’t reorder shipping options, so the cheapest one isn’t selected by default.
Compliance issues are the biggest reason apps get rejected. Let our team handle the development so you can focus on growing your app, not fixing it.
2. Functionality: Reliability and Platform Integration
Shopify expects apps to deliver exactly what their listing describes, with core functionality that works properly and complies with the Partner Program Agreement and Acceptable Use Policy.
Create Reliable, User-friendly Apps
Every app must have an operational UI regardless of how it’s launched. While operational errors within the app’s own functionality are tolerated, web errors like 404s, 500s, and 300s are not acceptable, since they can block the review process entirely. Apps that synchronize data with Shopify must ensure that data stays accurate and consistent across the Shopify admin, the app, and any connected platforms.
Use Shopify’s APIs and Platform Tools
Apps must use Shopify’s APIs and integrate platform tools like Shopify App Bridge for an embedded admin experience. Since April 2026, all new public apps must be built exclusively with the GraphQL Admin API, with the REST Admin API now considered legacy. Admin extensions, UI blocks, actions, and links, must be feature-complete and provide genuinely new functionality, and they are not allowed to display promotions, advertisements, or review requests. The same restriction applies to Sidekick app extensions, which must also stay materially consistent with the app’s stated functionality across its configuration, listing, and runtime behaviour.
Provide seamless and secure installation
Installation must be initiated only from Shopify-owned surfaces, apps can’t ask merchants to manually enter a myshopify.com URL. Apps must authenticate via OAuth immediately, before any other steps occur, even on reinstall, and merchants must be redirected straight to the app UI once they accept the permissions request.
3. Security Requirements
App security protects both merchant businesses and their data, and Shopify treats it as critical before any app submission is reviewed.
Valid TLS/SSL certificates: All data exchanged between a merchant’s browser and the app server must be encrypted, with no certificate errors.
Minimum necessary access scopes: Apps must request only the access scopes they actually need and may be asked to justify sensitive scopes such as read_all_orders, write_payment_mandate, write_checkout_extensions_apis, and read_advanced_dom_pixel_events. Shopify recommends using optional scopes for anything that isn’t needed by every merchant.
4. App Store Listing Requirements
Your listing is typically a merchant’s first impression of your app, so Shopify holds listing content to its own set of standards covering branding, pricing, accuracy, and assets.
Branding Consistency: The app name shown in the Developer Dashboard (via the TOML configuration) must match, or closely resemble, the name on the App Submission form that controls the public listing.
Pricing Transparency
| Rule | What it means |
|---|---|
| Accurate, complete pricing | All pricing options, including free trial length and charge details, must be disclosed. |
| No pricing in images | Pricing can’t appear in app icons or listing images, it belongs only in the designated Pricing details section. |
| No pricing elsewhere | Keeping pricing information out of unrelated listing areas prevents merchant confusion. |
Truthful, Accurate Listing Content: Listings can’t include reviews or testimonials (those are added automatically based on merchant feedback), and can’t reference unsubstantiated stats, data, or guarantee-style claims, including superlatives like “the first,” “the best,” or “the only.” Listings must indicate if the Online Store sales channel is required, disclose any geographic requirements, use tags that accurately reflect the app’s primary function, and list only languages the app’s UI actually supports.
Clear Assets and Descriptions: App details must clearly explain functionality with enough information for merchants to confidently install, avoiding excessive marketing keywords or a bare feature list. Shopify trademarks can’t be used in app icons, banners, or screenshots beyond what’s needed to indicate Shopify compatibility, and screenshots should be unique, focused on the actual app UI, and free of desktop backgrounds or browser chrome.
Submission Completeness: Before submitting, developers must include valid test credentials with full feature access, a demo screencast (in English or with English subtitles) showing onboarding and core features, and an up-to-date emergency developer contact in the Partner Dashboard. Apps that meet Shopify’s definition of a sales channel must be configured and submitted as one; apps that don’t shouldn’t carry sales channel configuration.
If you’re an agency without an in-house team to handle Shopify app compliance, our white label Shopify service builds and delivers approval-ready apps under your brand, NDA protected.
5. Category-Specific Requirements
Certain app types carry unique risk profiles and therefore unique rules, and a single app can fall into more than one category. A few examples of how categories diverge:
1) Online store apps must modify themes only through theme app extensions, never direct code changes, and must include detailed setup instructions for app embeds and blocks.
2) Payment apps must be built on the Payments API after formal authorization, use only Shopify-approved payment methods, never embed into the Shopify admin, and sign a revenue share agreement.
3) Purchase option (subscription) apps must let buyers manage and cancel subscriptions through a customer portal, show the selling plan name in the cart, and link subscriptions directly to orders and customers in the Shopify admin.
4) Product sourcing apps can’t mark orders fulfilled before payment is verified, must use a PCI-compliant gateway for cost-of-goods charges, and can’t source high-risk products like cannabis, alcohol, or weapons.
5) Checkout customization apps can’t request payment information, add countdown timers, or duplicate fields already captured by Shopify’s standard checkout form.
6) Sales channel apps must use Polaris components, redirect customers to Shopify’s checkout with pre-loaded carts, and let merchants disconnect their account without contacting support.
7) Post-purchase apps must redirect to the order confirmation page after a response, cap consecutive upsell requests and show identical product information to what’s in the merchant’s store.
8) Donation apps need verified charitable status, must route all donations through Shopify Checkout, and must disclose any operating-cost percentage taken from donations.
9) Blockchain (NFT) apps must avoid storing personal data on-chain, support primary NFT sales only, and exclude secondary or creator-unrelated royalties.
The full category-by-category requirement list is detailed on Shopify’s App Store requirements page.
Shopify App Store Best Practices
Best Practices for a Smoother Review
Alongside hard requirements, Shopify also publishes best practices meant to improve the overall quality of the merchant experience, even where they aren’t strict pass/fail criteria.
Installation and Setup: Shopify recommends avoiding pop-up windows for essential functionality like OAuth or charge approval, since pop-up blockers can break the flow entirely. If an app captures payments manually and might create multiple payments per order (for example, through post-purchase upsells), Shopify suggests telling merchants this directly in both the listing and the setup instructions.
App Performance: Apps shouldn’t reduce a store’s Lighthouse performance score by more than 10 points. Shopify calculates a weighted average impact score across three-page types:
| Page | Weight |
|---|---|
| Home | 17% |
| Product details | 40% |
| Collection | 43% |
Because Lighthouse scores vary between runs, Shopify recommends testing frequently during development and averaging scores across a few consecutive runs before submission.
Branding And Listing Content Best Practices
App names should be unique, start with the brand name rather than a generic descriptor, and stay under 30 characters; for example, “QTeck – Announcement Bar” rather than “Announcement Bar – QTeck.” Icons should use bold colours and simple patterns, avoiding text, screenshots, or Shopify trademarks.
For the app introduction and feature list, Shopify’s guidance favours describing concrete merchant benefits over generic marketing language. A few of Shopify’s own do/don’t examples illustrate the difference:
App introduction: do vs. don’t
Do: “We package and ship your orders. Fast, simple fulfilment can boost sales and delight customers.”
Don’t: “Get your products shipped fast. We’ll take care of all the busy work for you.”
Shopify’s reasoning: show specific benefits that drive value and avoid generic marketing language.
Feature list: do vs. don’t
Do: “Reports that show you sales data in real time.”
Don’t: “Reports that use the latest push technology to offer you sales data with only 250ms of latency.”
Shopify’s reasoning: describe functionality that’s meaningful to merchants, not the technical mechanics behind it.
App discovery copy: do vs. don’t
Do: “Avoid lost sales by making pages load faster and improving SEO.”
Don’t: “Boost PageSpeed in 1 click. Increase conversions, SEO & sales.”
Shopify’s reasoning: highlight the benefit to merchants instead of the function and avoid incomplete sentences.
Listings should also include a required privacy policy plus optional helpful links (FAQ, changelog, support portal, documentation), and translated listings are worth the effort, Shopify notes they convert up to 4x better in non-English markets. English-primary listings are automatically translated into Brazilian Portuguese, Danish, Dutch, French, German, Simplified Chinese, Spanish, and Swedish, covering fields like the app card subtitle, introduction, details, features, pricing, search terms, and image alt text.
Category-specific Best Practices Highlights
Apps rendered in the admin should use App Bridge for OAuth redirects, rely on session tokens instead of third-party cookies, and confirm the app functions correctly in Chrome’s incognito mode.
Mobile app builders should convert into a sales channel for checkout creation and avoid letting the mobile app itself make direct authenticated GraphQL Admin API calls, client secrets and access tokens belong on a secure web server, not on the device.
Checkout apps should keep network response times under one second and render skeleton components initially, so checkout isn’t blocked while content loads.
Avoiding Deceptive Checkout Patterns
Shopify is explicit about “dark patterns” that damage buyer trust. Three core design principles apply across the storefront, cart, and checkout:
Optional charges must be off by default: buyers should actively opt in, for example by checking a box, rather than having a charge pre-selected and disguised (such as labelling an added fee a “gift”).
Optional charges must be clearly itemized: simply showing a higher total isn’t sufficient disclosure; the added cost must be visible on the storefront, in the cart, and at checkout.
Shipping must default to the lowest-priced option: apps can’t reorder shipping methods, so a more expensive option appears selected by default.
Data Privacy and Support Expectations
Beyond functionality, Shopify expects strong data stewardship and merchant support. Apps should use only supported APIs, since Shopify notes that apps relying on APIs scheduled for deprecation within 90 days can’t be submitted. A privacy policy is required in every listing to build merchant trust and transparency.
On the support side, Shopify recommends providing clear, Shopify-specific help documentation and in-app guidance so merchants can resolve issues without contacting support, and keeping emergency developer contact details current in the Partner Dashboard so critical technical information reaches the right person.
Shopify reviews these requirements regularly, so it’s worth revisiting the official documentation periodically rather than relying on a one-time read-through. Building compliance in from the start, rather than retrofitting it before submission, will generally make the review process faster and reduce the chance of rejection.
Conclusion
Publishing an app on the Shopify App Store requires more than functional code, it requires full compliance with Shopify’s quality, security, and merchant experience standards. From using the correct APIs and billing methods to maintaining accurate listings, requesting only essential permissions, and following category-specific requirements, every aspect of your app contributes to the review outcome.
By designing with Shopify’s guidelines in mind from the beginning and regularly reviewing updates to the requirements, developers can reduce the risk of rejection, speed up the approval process, and deliver apps that merchants can trust with confidence.


