Application Penetration Test

New Member
2 0 0


We're in the process of devloping an app , part of our dev process (pre-submission) includes penetration tests.

In order to perform the Penetration Test (PT) for our app, we'll API calls both to Our Platform and to Shopify
Main goal here is mostly to find weaknesses in our app only.  
First, we'd like to make sure this is OK on your end?
Second, we are planning to test on our internal staging environment and would also like to find a similar solution on your end, can you suggest what can be a similar solution to a staging environment from your side?
Shopify Staff
Shopify Staff
587 72 129

Hey @YaelBY,


Shopify has many safeguards in place that protect the platform from requests that have the potential to cause problems or overload the system. For this reason, it's likely that pen testing your app will trigger these safeguards and give unreliable results. However with this in mind, you're free to test as long as you abide by the partner terms of service and API terms of service.


With regards to a staging environment, you can open development stores from your Partner Dashboard, which allow you to install apps and test without using a live shop. This doc contains instructions for creating a development store.

JB | Developer Support @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Click Accept as Solution