On the advice of Lev M., who is currently validating our Shopify–Exact Online integration, I am raising a question regarding access to third-party credentials.
Lev M. has requested login details for Exact Online, which is an external accounting system. Unfortunately, we cannot provide a username and password, as these accounts contain highly personalized data and are protected with MFA. Even with credentials, external access would not be possible.
The purpose of the request is to verify that our app can connect to Exact Online. We were told this is a requirement under Shopify’s conditions, but this comes as a surprise to us since it has not been required in previous validations. Our integration with Shopify itself works smoothly, and the Exact Online credentials are only relevant for configuration that depends on Dutch accounting rules.
I would like to ask:
Have other developers encountered the same requirement when integrating with third-party systems? If so, how did you resolve it?
Shopify, is there an official place where I can find details on whether providing third-party credentials is a mandatory step in the app review process?
Our connectors are already being used successfully by Shopify merchants, and we are confident this situation can be resolved in a way that works for all parties.
Hi @Sponiza I appreciate the effort in your post but it’s vague on TECHNICAL detail.
These are the peer to peer forums, NOT shopify support, saying someone’s name doesn’t necessarily mean anyone’s going to know who that its, or give special privilege.
So this isn’t private software for a singular store?
Don’t be coy be very explicit in what is what from the first sentence.
If your submitting a PUBLIC app to sell services to other shopify-merchants then the app-review team is who you should be escalating things with.
Then they should have noted which specific part, and or you’ve omitted that critical detail.
Then do a screen-share if they need to go through configuration, where you pre-flight the screens to know which areas to avoid that have sensitive info.
Or find out how to setup api keys on that other system
Otherwise this other platform should have some way for an external developer to setup resources.
If this is even about a fourth party dev setting things for a private system. if third party software doesn’t have some way to limit who can see what that’s a big business problem that doesn’t scale.
For third party platforms contact THAT third party.
These are shopify peer to peerforums not “Exact Online” support.
If your submitting a PUBLIC app to sell services to other shopify-merchants then the app-review team is who you should be escalating things with.
Otherwise what you do with your software is your business, why would you think you’d need shopify’s permission for your software+ a third party that is NOT shopify.
Shopify is only relevant when it’s your software + shopify, and the api is very accessible. with some exceptions like if your completely replacing the checkout process which is an explicit process you need to contact shopify support directly to begin.
Something is off here , in my experience it’s either A) critical detail is being omitted, B) things were explained but stakeholders did not understand or push back properly so poor questions are the result, C) the intermediary is a poor explainer , D) stakeholders/staff have a very poor understanding of their primary systems causing unneeded friction, E) lack of budget/time invested in actual clarity, F) any combination of the above.
Merchants that need consulting on the shopify api for private apps, may reach out to me.
( click profile pic on forums ALWAYS provide concise context in new communications)
Thank you for your response. The Shopify App Reviewer adviced me to ask my questions to the Shopify technical forum. You advice me to go back to the Reviewer.
Yes, this concerns the review of a public App by the Shopify App team. This public App retrieves orders from Shopify and pushes them to a third party, Exact Online. Yes, this is not a technical question. I already informed the Shopify App reviewer that I think he is wrong to advice me to go to the technical forum.
Anyway, I will send your answer to the reviewer. I you have any advice how we can proceed you are welcome. We do not want to have our app disbanded from the Shopify Appstore. If you I have no advice I totally understand.
Thanks again!
PS. The Shopify API works great, no questions, we are happy with it!
They should be providing a clear and exact reason, like verifying your identity or partnership with the third party.
Which should have some other method than providing some random person unlimited access to private data.
Or they aren’t asking for that level of access and they need an account for any demonstration of the app to actually work, etc etc etc.
The alternative is to ask on the dev forums a more concise clear singular question about the app review process requesting login detail; but you need to be very clear in the details what your doing.
Yes, they want to use it to validate the connection. Which is fair. But the third party does not provide sandbox account. So the problem is we can not. And that is what I was asking. What to do when we cannot provide it?
I cannot imagine that we are the only app-developers running into this situation.
if third party software doesn’t have some way to limit who can see what that’s a big business problem that doesn’t scale.
with some exceptions like if your completely replacing the checkout process which is an explicit process you need to contact shopify support directly to begin.
Something is off here , in my experience it’s either A) critical detail is being omitted, B) things were explained but stakeholders did not understand or push back properly so poor questions are the result, C) the intermediary is a poor explainer , D) stakeholders/staff have a very poor understanding of their primary systems causing unneeded friction, E) lack of budget/time invested in actual clarity, F) any combination of the above.
click profile pic on forums ALWAYS provide concise context in new communications)