Hello,
I have developed Shopify Apps in the past and I am pretty familiar with the guidance for App Review submissions. However, the Shopify App that I am currently developing has a constraint that previous apps I have submitted in the past do not have. After a user (or app reviewer) begins the OAuth process from the shopify app store and successfully connects their shopify account to my app, my app requires that a confirmation email be sent and opened by the end user. After clicking the link in the confirmation email, the user is directed to a “Reset Password” page in my application, on which the user must enter a new password before continuing to use my app. I have scoured the documentation and have not found a direct answer for this use case. My main questions are:
-
Is this a valid onboarding flow for shopify apps? Will my app be blocked from approval?
-
All of the necessary data to ensure the user’s account in my application is in a valid state is available from resources that my app has requested to access via the Shopify Admin API. (example: we create a “project” record whose properties are all sourced from the shopify GQL API
Shopresource). Is there any guidance on which email address to use for user accounts in this case? shop.owner_email? shop.contact_email? Should I require that the user provide an email/pw directly through a form instead? -
Do Shopify App reviewers have access to the email inboxes that are attached to the Shopify GQL API’s
Shopresource? Is there a better way for me to derive the email for the user who installed my app?
My app is targeted for an August 2024 launch date, and I would like to ensure that the app review process goes smoothly and that I am adhering to all policies and usage agreements. Any help would be greatly appreciated!
Thanks
Schuyler Sousa
Sr. Software Engineer at OpenStore
schuyler@open.store