E-commerce
December 23, 2025
You have developed an app for Shopify and want to make it accessible to thousands of merchants. Publishing on the Shopify App Store is a mandatory step for public apps: it formalizes quality, security, and the merchant experience. The process can seem dense, with OAuth, billing, storefront performance, and the App Store listing. This guide is based on the official Shopify Developers documentation (requirements), the best practices checklist, the revenue sharing model, and the April 24, 2025 changelog on the evolution of the one-million-dollar exemption. You will also find guidance on data protection in Europe through the CNIL and the GDPR framework, useful as soon as your app processes store data. Objective: reduce back-and-forth with the review team and publish a solid app from the first submission.
Estimated reading time: 15 min
Summary
What is the Shopify App Store?
The Shopify App Store is the official distribution channel where merchants discover, compare, and install apps for their admin, storefront, checkout, or workflows. A public app intended for multiple stores should in principle be listed on the App Store, except in specific cases (custom apps for a single merchant, private distribution according to the rules described in the App distribution doc).
In its April 2025 changelog, Shopify states that merchants have more than 16,000 apps to choose from, and highlights continued investment in discovery and experience on the redesigned App Store. This volume explains the importance of a clear listing, honest social proof, and clear positioning: the review also checks consistency between promises and features. For partnership context (tiers, resources), connect this guide to the Shopify Partner Program and the Technology Partner requirements.
Why publish on the App Store?
Distribution through the App Store combines visibility, trust, and built-in billing mechanics. Merchants install apps to save time and automate support, logistics, or marketing: your listing is often the first commercial touchpoint after a search or category browse. From an economic standpoint, the revenue share model is designed to reward growth: Shopify documents a 0% rate on the first tier of gross app revenue, then 15% above that, with specific rules for very large-scale developers (thresholds in US dollars, annual reassessment). Accounting details and exceptions are listed on the same official page: do not rely on forum rumors.
The April 24, 2025 changelog also specifies that the annual exemption on the first one million dollars is replaced by a lifetime revenue logic for this tier, with contractual update changes taking effect on June 16, 2025. Earnings made before January 1, 2025 do not count toward the one-million threshold: a crucial point for your financial roadmap.
Key requirements: security, scopes, billing
Official requirements cover the entire lifecycle: building on the Shopify platform, frictionless installation, minimal access scope, billing through Shopify mechanisms, UI quality, and performance. The App Store requirements detail each section; the best practices translate them into concrete actions for your product team.
Authentication and permissions
The app must launch OAuth immediately upon installation, before any other step, including if the merchant has already installed and then uninstalled the app. Scopes must be limited to what is necessary: any excess permissions fuel distrust and rejections. For apps embedded in the admin, the documentation emphasizes session tokens and compatibility with modern browser behavior around cookies, in connection with the changes documented by the Chromium SameSite project (an external technical reference frequently cited by Shopify in its authentication guides).
Billing
Merchant charges go through the Shopify Billing API or managed pricing depending on your model. Merchants must be able to change plans without reinstalling the app or opening a ticket for a standard operation. “Enterprise” amounts must be reflected in the listing’s additional fees section when relevant.
To go further on APIs and resources, keep our article Shopify development resources and the Built for Shopify guide handy if you are aiming for the quality badge.
Table: Shopify requirements and team deliverables
Use this table as a bridge between the product team and listing marketing: each row refers to the expectations set out in the official documentation.
Area | Expected by Shopify (summary) | Your concrete deliverable |
|---|---|---|
Installation | Immediate OAuth, no blocking pop-up for essential actions | Flow tested on a development store, up-to-date screenshots |
Permissions | Minimal and justified scopes | Internal matrix "feature → scope" + clear text for the merchant |
Billing | Billing via Shopify, autonomous plan change | Plans tested, consistent charge history in the merchant admin |
Security and app status | Reliable app, compliant with modern auth (session tokens, cookies) | Cross-browser testing, tracking API breaking changes |
Storefront performance | Limited impact on scores (Lighthouse) for apps that affect the storefront | Measurements before/after installation, script and integration optimization |
Listing | Honest listing, transparent pricing, representative media | Video demo or demo store, accessible privacy policy |
The full granularity can be found in the “Installation,” “Functionality,” “App performance,” and “App listing” sections of the shopify.dev pages cited above.
Storefront performance and merchant experience
For applications that directly affect the storefront, Shopify measures the impact on representative pages (home, product page, collection) using a weighted method. The documentation recommends not degrading the Lighthouse score by more than 10 points and suggests smoothing measurements over several runs, since scores can vary. Detailed recommendations are in App performance and Storefront performance. This is a strong differentiating criterion in a dense catalog.
Prepare the submission
Before opening “Manage submission” in the Partner Dashboard, lock in a minimum baseline:
OAuth tests and redirects: clean installation and reinstallation flows.
Billing tests: if you monetize, go through upgrade, downgrade, and cancellation as a merchant.
Privacy policy: valid URL, aligned with the data actually processed; for the EU, comply with the principles of lawfulness, minimization, and information described by the CNIL (legal bases, information notices).
Listing content: title, subtitles, benefits, screenshots, and media that reflect the current app, without excessive promises.
Email whitelisting: messages from the review team must be able to reach your inbox (anti-spam filters).
Shopify reminds that the review team only handles complete and functional apps: blocking errors prevent a useful review of features, as indicated in the review guides. Prepare a reproducible test plan: demo merchant account, anonymized datasets, network error scenarios, and permission-denied scenarios. Teams that include a short video or a “critical path” document often reduce question cycles. For apps that modify checkout or add secondary payments, also anticipate explanations about manual payment capture: Shopify documentation recommends informing the merchant in the listing and onboarding when multiple payments may exist for the same order.
Submit from the Partner dashboard
Open the Apps section of the Partner dashboard.
Check the metadata, OAuth callback URLs, and enabled extensions.
Complete the pre-submission checklist: it enforces a review consistent with the requirements.
Verify the contact details: responsiveness = more predictable timelines.
Submit via Manage submission when all required fields are filled in.
Form accuracy avoids cycles of purely administrative corrections.
Examen App Review: what to expect
After submission, the App Review team checks compliance with store rules and the alignment between listing and product. The timeline depends on workload, complexity, and completeness: do not communicate a fixed duration to your stakeholders without an internal Shopify source. If changes are requested, respond with targeted fixes and test notes for the reviewer. If the app is rejected, Shopify’s email details the reasons: treat them as a sprint checklist rather than a definitive failure.
Personal data and transparency (EU)
As soon as your app accesses order, customer, or team data, you are operating within a strict legal framework in Europe. The CNIL website reminds you of obligations regarding informing individuals, security, and, depending on the case, impact assessments or records of processing activities. Clearly state how data is used in the listing and in the app, and limit collection to what is necessary: this aligns with the spirit of Shopify requirements on listing honesty and the quality of the merchant experience.
Registration fees and revenue sharing
To access the documented sharing plan, Shopify requires an App Store registration with a one-time fee of USD 19 per Partner account, as indicated on the Revenue share page. Beyond the sharing percentages, billing mentions 2.9% processing fees and applicable taxes, in addition to the revshare model.
Reminder of the standard rates for most developers (excluding large companies covered by the specific 15% clause on all volume): 0% Shopify share on the first one million US dollars of gross app revenue accumulated since January 1, 2025, then 15% on the remainder. Revenue before 2025 does not count toward this threshold: official details are in the same document and in the cited changelog. Associated developer accounts are aggregated for threshold calculation: document your structures to avoid surprises.
After publication
Publication is not the finish line: Shopify may reassess an app whose core functionality has diverged. Maintain clear release notes, monitor webhooks and the versioned API, and continue measuring performance impact. On the go-to-market side, iterate on the listing (media A/B tests, proof points, tutorials) and on merchant support: installation retention influences your reputation in the store.
Best practices and common mistakes
Best practices
Test on multiple stores (dev, staging) and document demo accounts for reviewers.
Write a results-oriented description: time savings, error reduction, additional revenue.
Provide 5 to 10 clear screenshots, readable on mobile, with a consistent user journey.
Plan an API roadmap: Shopify evolves quickly; an abandoned app is at risk of removal.
Common mistakes
Submitting with OAuth or billing not tested in a realistic flow.
Over-requesting scopes "just in case."
Misleading marketing listing or outdated screenshots.
Ignoring emails from the review team or replying without a reproducible test file.
Neglecting the privacy policy or legal notices required for your sales region.
Benefits for your product
Distribution to Shopify's global merchant base.
Trust framework: public requirements and review process.
Centralized merchant-side billing through the Shopify ecosystem.
Revenue prospects governed by a public revenue-sharing model with a documented tier.
Technical alignment with documented changes (performance, auth, billing).
Qstomy and apps on Shopify
On the merchant side, installing an app from the App Store is often the beginning of a long relationship: support, setup, ROI. Qstomy is part of this ecosystem by helping stores automate support and AI-assisted sales on Shopify. If you build integrations or customer journeys, keep in mind the same clarity requirements as for an app review: predictable flows and well-governed data. For store-side integration, see our AI chatbot on Shopify page and the e-commerce chatbot article.
Summary
Publishing on the Shopify App Store requires aligning your product, documentation, and listing with the App Store requirements, best practices, and revenue rules. Immediate OAuth, minimal scopes, Shopify billing, storefront performance, and an honest listing are recurring levers. The April 2025 changelog sets the framework for the one-million-dollar lifetime revenue threshold and the effective date of contractual updates on June 16, 2025. Add solid GDPR compliance if you handle European data. Finally, iterate after publishing: quality is continuous.
FAQ
What is the difference between a public app and a custom app?
Custom apps for a single merchant follow a different distribution model; apps intended for multiple stores generally go through the App Store, with the associated requirements. Check the Distribution section on shopify.dev to decide based on your case.
Do you have to pay to list an app?
Enrollment in the revenue-sharing plan documented on shopify.dev includes a one-time fee of USD 19 per Partner account. Other costs are those of your development, hosting, and internal tools.
What is the revenue-sharing model?
According to the official Revenue share page, most developers below the “large company” thresholds benefit from 0% on the first USD 1 million in gross app revenue counted from January 1, 2025, then 15% beyond that, with aggregation across associated accounts. Special rules apply to very large publishers: read the table and notes on shopify.dev.
Does revenue before 2025 count toward the million?
No for entering the tier: the April 24, 2025 changelog states that earnings before January 1, 2025 do not count toward the threshold.
How long does the review take?
Shopify does not guarantee a fixed public timeline in this guide: it depends on the queue, complexity, and the quality of the first submission. Responsiveness and a complete file reduce back-and-forth.
What is checked first?
OAuth installation, permission scope, compliant billing, listing consistency, performance if the storefront is impacted, and compliance with rules specific to your app category.
Can my app be removed after publication?
Yes, if it ceases to be compliant, if the listing is misleading, or if the core functionality changes without resubmission when required. Treat compliance as a living product.
Where can I find the exhaustive list of requirements?
On App Store requirements and the related checklist on shopify.dev.
Go further
December 23, 2025
