Instant OAuth approval requirement

Solved
Highlighted
Tourist
6 0 2

I'm working on an app that will plug into multiple shop/marketplace platforms and I would like to include Shopify, but am unsure how I can get it approved as a public app.  My app requires the user to create an account, select their platform (i.e. Etsy, WooCommerce, Shopify etc) and enter the shop URL, and from there the app initiates OAuth approval.

I think that is a pretty normal process and it works fine with other platforms, but it doesn't suit this app approval requirement: "When a merchant clicks Add App from your app's listing, your app must immediately authenticate using OAuth before any other steps occur".

I'm not really interested in having an app listing at all, but apparently it is a requirement.  Do I have to create some specialized process for Shopify that auths with shops before the user has created an account on my side (since I can't just direct them to create an account first)?  Or is there some easier solution that I'm missing?  The whole app listing/approval setup seems so convoluted that I feel like I must be missing something.

0 Likes
Highlighted
Pathfinder
126 11 19

This is an accepted solution.

Do I have to create some specialized process for Shopify that auths with shops before the user has created an account on my side (since I can't just direct them to create an account first)?

Yes, reference is here: https://shopify.dev/tutorials/authenticate-with-oauth

It is a bit convoluted and the documentation isn't the best, but the way you know that you are meeting this requirement is if you use the "install on development store" link from the partner app dashboard and your app installs correctly. This took me a while to figure out, but essentially if your app is hosted at myshopifyapp.myhosting.com, when you click on "install" then Shopify will automatically append hmac and shop parameters which will enable you to identify the shop and validate the request. From there, you can generate the permissionUrl which will show the OAuth page and then route accordingly. 

Also know that unless it's a free app, you'll have to implement Shopify's Billing API as well. 

1 Like
Highlighted
Tourist
6 0 2

Thanks @policenauts1 that does help clarify the required process.

The Billing API requirement is another curveball since I have already developed my own billing that is platform agnostic.  I'm realizing the problem is that I'm building a multi-platform SaaS, not a Shopify app, and I was looking at the whole app setup just as a way to get API access for my service.  But this is more of a walled garden situation, where the app is expected to be built around Shopify.

It's looking like the most practical solution for me is to create a separate Shopify app that just provides data integration for my service, and publish it as a free app.  Do you think there would be any pitfalls with that approach?

0 Likes
Highlighted
Pathfinder
126 11 19

I'd do a search, I think others have posted before about specifying their app is free, but then Shopify still dings them on the review for not having the Billing API integrated if the app is paid elsewhere. I grumbled a lot when I found out app developers were required to manage and implement the Billing API, but it ended up taking me less than half a day to implement, starting from scratch including research. Maybe this will save you time - use GraphQL instead of REST API since it activates the charge automatically: https://shopify.dev/docs/admin-api/graphql/reference/mutation/appsubscriptioncreate?api[version]=202...

During installation you will have to write your own conditional to check if the shop has an active subscription and if not, after they install your app you route them to the billing confirmationUrl that's returned in the graphql query. And then you'll have to append shopOrigin yourself to the returnUrl since Shopify only appends charge_id, and then route them to your app after that. Hopefully that helps.

0 Likes
Highlighted
Tourist
6 0 2

Thanks, I'll search around and see what I can find. I could see Shopify worrying about people taking that approach as a way to dodge fees but I just want some way to make this work.  The more I learn about the requirements & review process, the more surprised I am at how much Shopify wants to control and micromanage apps & developers.

Does Shopify's billing API allow me to bill non-Shopify customers as well?  In my case, I was planning on billing based on total order volume across all shops/integrations (since that determines workload & costs).  Not sure if that billing approach is compatible with Shopify's requirement B2: "If your app has multiple pricing plans, then merchants must be able to upgrade and downgrade their plan without having to delete the app or contact support." since my billing rate would adjust automatically based on monthly order counts.

0 Likes
Highlighted
Pathfinder
126 11 19

No, billing api charges through Shopify and it's only for Shopify public apps. In your case I think there's a usage-based plan which would apply. 

0 Likes