What does the standard install process for a Shopify app mean?

Shopify Apps

Topic summary

Shopify rejected an app during review for violating installation requirements. The rejection message states apps cannot request a merchant’s .myshopify.com URL directly and must use the standard install process from the app listing.

Current problematic workflow:

  • Users enter their store domain on an external portal
  • App creates authorization link and redirects users to authenticate
  • After authentication, app requests access token to fetch merchant orders

This violates Shopify’s policy requiring all installations to be initiated within the Shopify App Store itself.

Correct OAuth flow:

  1. Merchant initiates installation from Shopify App Store
  2. Shopify sends request to app endpoint with shop, timestamp, and hmac parameters
  3. App validates request and redirects to Shopify Admin API with required scopes
  4. Shopify prompts merchant to review scopes and authorize
  5. After authorization, Shopify sends request back to app with access token

Unresolved challenge: Multiple developers report the same issue, particularly for apps not yet listed in the Shopify App Store. Without an official app listing, there’s no install link for merchants to initiate the standard process. No clear solution has been provided for pre-listing development scenarios.

Summarized with AI on November 10. AI used: claude-sonnet-4-5-20250929.
2

As per the Shopify app requirement, you cannnot ask the user to enter their Shopify domain. All the installation process most be initiated within Shopify.
After a merchant clicks the link to install your app, your app receives a GET request on the app URL path that you specified in the Partner Dashboard. Requests to this URL path from a merchant who is logged into the Shopify App Store include the shop, timestamp, and hmac query parameters.
You need to flow the OAUTH authentication process as described by Shopify here.

  1. The merchant sends a request to install the app. (This sends a request to the App installation endpoint).
  2. App installation endpoint will then redirects the request to the Shopify admin API, with the required scopes, and a redirect_link.
  3. Then Shopify will show a prompt to the user to review the scopes and authorize the installation request.
  4. Then the Shopify admin API sends a request to the app.
  5. The app endpoint then validates the request from Shopify and sends a request back to Shopify admin API to get an access token.