How to handle App Store Review (Apple/Google) with New Customer Accounts (OTP Login)?

Technical Q&A

Topic summary

Conflict between App Store/Play review requirements and Shopify’s New Customer Accounts (passwordless Email + 6‑digit OTP). Reviewers need a demo login with username/password, but OTPs go to real emails they cannot access.

Key details:

  • Mobile app uses Shopify Customer Account API inside a React Native WebView.
  • Login flow is OTP-only (no password), blocking reviewer access.
  • OTP = one-time passcode sent via email; no shared inbox for reviewers.

Open questions from the author:

  • Whether a static/predictable OTP can be configured for a specific test email.
  • Whether a “Test Mode” or special Customer Account API setting exists for predictable reviewer logins.
  • Whether the practical workaround is reverting to Classic Customer Accounts (email + password) for reviews.

Status: No answers or solution provided yet; discussion remains open. No decisions or action items recorded. No attachments or code snippets are central to understanding.

Summarized with AI on December 10. AI used: gpt-5.
1

Hi Shopify Community,

I am currently developing a mobile application using the Customer Account API embedded via a WebView (React Native). My store is configured to use New Customer Accounts, which relies on a passwordless Email + 6-digit OTP login flow.

I am facing a blocker with the Apple App Store and Google Play Store review process. The reviewers require a functional “Demo Account” (Username and Password) to log in and test the app’s features. However, since the OTP is sent to a real email address that the reviewers cannot access, they are unable to log in.

My Questions:

  1. Is there a way to configure a static OTP (e.g., always 123456) for a specific test email address (e.g., reviewer@example.com)?

  2. Is there a “Test Mode” or specific configuration in the Customer Account API that allows for a predictable login flow for App Store reviewers?

  3. If not, is the official recommendation for mobile apps to revert to Classic Customer Accounts (Email + Password) to satisfy these review requirements?

Any guidance or best practices from others who have launched mobile apps using the New Customer Accounts would be greatly appreciated.

Thanks!

1 Like
2

This is a big pain point in my Apple review submission flow as well.