I try to publish my first application on Shopify App Store. When I first submit my app it was rejected with an error message, screenshot and video. Rejection has its explanation and issue was about usage of OAuth. After email we fixed issue, run our tests and deploy our app. Now we try to submit our app but after 2-3 days Shopify reject our app without making any requests to our app.
I try to talk with support but they do not have access to review team. How can I communicate review team? Why do they reject my app without testing it? How can I fix this issue?
I need to publish this app asap but I spend 2 weeks just for rejecting without even looking at it. Any recommendation?
Solved! Go to the solution
Thank you for your interest. I added SS of first rejection and last rejection. I follow Shopify reviews with logs and DB raws. When someone install our app, Shopify API makes OAuth request and we create Shop with authentication token. They didn't make any request and just reject our app.
Did you have any similar experience? Helps will be appreciated.
Got it. Based on the rejection notices though, it sounds like they are saying they can't even get to the permission URL where they then authorize your app (which then facilitates the OAuth code / token exchange). Did Shopify hit your db the first time and not the second time?
What is the process you are currently using to confirm your OAuth flow works? If you create a new development store in your partner dashboard, then click on "install on this development store," does the OAuth flow trigger correctly?
Shopify didn't hit our db at all. Not first and second time. But I understand why they can't hit in the first time but I can't see any reason for the second time.
In our first flow, it needs to create an account in our platform to create OAuth request for Shopify login. When we got first rejection, we realize what is needed and fix it with current structure.
Now we only shows "Login with Shopify" buttons on our landing pages and when user click on it, it asks Shopify web store link. When you enter your Shopify store's link, it ask permissions and finally when you approve permissions you redirected to our dashboard. All process done.
What can be missing? Why is this happening?
This is an accepted solution.
This is a common mistake - in order to pass Shopify's app review process, you cannot ask the user for any manual intervention like entering their shop. One easy way to get their shopOrigin is in the URL parameter after they click on 'Add App' ('shop' parameter) because all requests from Shopify will have the shop parameter appended. From there, you can check existence + validity of access token in your db and then if they are a new user construct the permission URL for OAuth appropriately.
The best way to confirm this is to follow the steps I laid out previously (create a brand new development store and then use the partner dashboard link to click on 'install on my development store' and see if everything happens correctly). The test on my development store link functions similar to how the 'Add App' button in the Shopify App store does.