E-commerce
December 23, 2025
You have developed an app for Shopify and want to make it accessible to thousands of merchants. Publishing on the Shopify App Store is a required step for public apps: it formalizes quality, security, and the merchant experience. The process can seem dense, between OAuth, billing, storefront performance, and the App Store listing. This guide draws on the official Shopify Developers documentation (requirements), the best practices checklist, the revenue sharing model, and the April 24, 2025 changelog on the evolution of the million-dollar exemption. You will also find guidance on data protection in Europe via the CNIL and the GDPR framework, useful as soon as your app handles store data. Goal: reduce back-and-forth with the review team and publish a solid app on the first submission.
Estimated reading time: 15 min
Summary
What is the Shopify App Store?
The Shopify App Store is the official distribution channel where merchants discover, compare, and install apps for their admin, storefront, checkout, or workflows. A public app intended for multiple stores must generally be listed on the App Store, except in specific cases (custom apps for a single merchant, private distribution according to the rules described in the App Distribution doc).
Shopify notes in its April 2025 changelog that merchants have more than 16,000 apps to choose from, and highlights ongoing investments in discovery and the experience on the redesigned App Store. This volume explains the importance of a readable listing, honest social proof, and clear positioning: the review also checks consistency between promises and features. For partner context (tiers, resources), connect this guide to the Shopify Partner Program and the Technology Partner requirements.
Why publish on the App Store?
Distribution via the App Store combines visibility, trust, and built-in billing mechanics. Merchants install apps to save time, automate support, logistics, or marketing: your listing is often the first commercial contact after a search or a category. From an economic standpoint, the revenue share model is designed to reward growth: Shopify documents a 0% rate on the first tier of app gross revenue, then 15% beyond that, with specific rules for very large-scale developers (thresholds in US dollars, annual reassessment). The accounting details and exceptions are on the same official page: don't rely on forum rumors.
The April 24, 2025 changelog also specifies that the annual exemption on the first million dollars is replaced by a lifetime revenue logic for this tier, with contractual updates taking effect on June 16, 2025. Earnings made before January 1, 2025 do not count toward the million-dollar threshold: a crucial point for your financial roadmap.
Key requirements: security, scopes, billing
The official requirements cover the entire lifecycle: building on the Shopify platform, frictionless installation, minimal access scope, billing through Shopify mechanisms, UI quality, and performance. The App Store requirements detail each section; the best practices translate them into concrete actions for your product team.
Authentication and permissions
The app must launch OAuth immediately upon installation, before any other step, even if the merchant has already installed and then uninstalled the app. The scopes must be limited to what is necessary: any excess permissions fuels distrust and rejections. For apps embedded in the admin, the documentation emphasizes session tokens and compatibility with the behavior of modern browsers regarding cookies, in line with changes documented by the Chromium SameSite project (an external technical reference frequently cited by Shopify in its authentication guides).
Billing
Merchant charges go through the Shopify Billing API or managed pricing depending on your model. Merchants must be able to change plans without reinstalling the app or opening a ticket for a standard operation. "Enterprise" amounts must be reflected in the additional fees section of the listing when relevant.
For more on APIs and resources, keep our article Shopify Development Resources handy and the guide Built for Shopify if you're aiming for the quality badge.
Table: Shopify requirements and team deliverables
Use this table as a bridge between the product team and the listing marketing team: each row maps to the expectations set out in the official documentation.
Area | Expected by Shopify (summary) | Your concrete deliverable |
|---|---|---|
Installation | Immediate OAuth, no blocking pop-up for essential actions | Flow tested on development store, screenshots up to date |
Permissions | Minimal, justified scopes | Internal “feature → scope” matrix + clear text for the merchant |
Billing | Billing through Shopify, self-serve plan change | Plans tested, charge history consistent in the merchant admin |
Security and app status | Reliable app, compliant with modern auth (session tokens, cookies) | Cross-browser tests, tracking API breaking changes |
Storefront performance | Limited impact on scores (Lighthouse) for apps that touch the storefront | Measurements before / after installation, script and integration optimization |
Listing | Honest listing, transparent pricing, representative media | Video demo or demo store, accessible privacy policy |
The full detail can be found in the “Installation”, “Functionality”, “App performance” and “App listing” sections of the shopify.dev pages cited above.
Storefront performance and merchant experience
For applications that directly affect the storefront, Shopify measures the impact on representative pages (home page, product page, collection page) using a weighted method. The documentation recommends not degrading the Lighthouse score by more than 10 points and encourages smoothing the measurements across several runs, because scores can vary. Detailed recommendations are in App performance and Storefront performance. This is a strong differentiating factor in a dense catalog.
Prepare the submission
Before opening « Manage submission » in the Partner dashboard, lock down a minimal baseline:
OAuth tests and redirects: clean installation and reinstallation flows.
Billing tests: if you monetize, go through upgrade, downgrade, and cancellation as a merchant would.
Privacy policy: a valid URL aligned with the data actually processed; for the EU, follow the principles of lawfulness, minimization, and transparency described by the CNIL (legal bases, information notices).
Listing content: title, subtitles, benefits, screenshots, and media that reflect the current app, without overstated claims.
Email whitelisting: messages from the review team must be able to reach your inbox (anti-spam filters).
Shopify reminds us that the review team only handles complete, functional apps: blocking errors prevent a useful review of features, as indicated in the review guides. Prepare a reproducible test plan: demo merchant account, anonymized datasets, network error scenarios, and denied permission scenarios. Teams that include a short video or a « critical path » document often reduce the number of question cycles. For apps that alter the checkout flow or add secondary payments, also anticipate explanations about manual payment capture: Shopify documentation recommends informing the merchant in the listing and onboarding when multiple payments can exist for a single order.
Submit from the Partner Dashboard
Open the Apps section of the Partner dashboard.
Check the metadata, OAuth callback URLs, and enabled extensions.
Complete the pre-submission checklist: it enforces a review consistent with the requirements.
Verify the contact details: responsiveness = more predictable timelines.
Submit via Manage submission when all required fields are completed.
Form accuracy avoids cycles of purely administrative corrections.
App Review: What to Expect
After submission, the App Review team checks compliance with the store rules and the listing/product fit. The timeline depends on workload, complexity, and completeness: do not communicate a fixed duration to your stakeholders without an internal Shopify source. If changes are requested, respond with targeted fixes and test notes for the reviewer. If the app is rejected, Shopify's email details the reasons: treat them as a sprint checklist rather than a final failure.
Personal Data and Transparency (EU)
As soon as your app accesses order, customer, or team data, you operate under a strict legal framework in Europe. The site of the CNIL reminds you of obligations regarding informing individuals, security, and, depending on the case, impact assessments or processing records. Clearly mention the use of data in the listing and in the app, and limit collection to what is necessary: this aligns with the spirit of Shopify's requirements for listing honesty and the quality of the merchant experience.
Registration fees and revenue sharing
To access the documented revenue-sharing plan, Shopify requires App Store registration with a one-time fee of USD 19 per Partner account, as indicated on the Revenue share page. Beyond the sharing percentages, billing mentions 2.9% processing fees and applicable taxes, in addition to the revshare model.
Reminder of the standard rates for the majority of developers (excluding large companies covered by the specific clause of 15% on all volume): 0% Shopify share on the first US$1 million of cumulative gross app revenue since January 1, 2025, then 15% on the rest. Revenue before 2025 does not count toward this threshold: official detail in the same document and in the cited changelog. Associated developer accounts are aggregated for threshold calculation: document your structures to avoid surprises.
After publication
Publishing is not the finish line: Shopify may reassess an app whose core functionality has drifted. Keep clear release notes, monitor webhooks and the versioned API, and continue measuring performance impact. On the go-to-market side, iterate on the listing (A/B test media, proof points, tutorials) and on merchant support: install retention influences your reputation in the store.
Best practices and common mistakes
Best practices
Test on several stores (dev, staging) and document demo accounts for reviewers.
Write a results-oriented description: time savings, error reduction, additional revenue.
Provide 5 to 10 clear screenshots, readable on mobile, with a coherent user journey.
Plan for an API roadmap: Shopify evolves quickly; an abandoned app is a risk of removal.
Common mistakes
Submitting with OAuth or billing untested on a realistic flow.
Over-requesting scopes « just in case ».
Misleading marketing listing or outdated screenshots.
Ignoring the review team's emails or replying without a reproducible test file.
Neglecting the privacy policy or legal notices required for your sales region.
Benefits for your product
Distribution to Shopify's global merchant base.
Trust framework: public requirements and review process.
Centralized merchant-side billing through the Shopify ecosystem.
Revenue prospects governed by a public revenue sharing model with a documented tier.
Technical alignment with documented developments (performance, auth, billing).
Qstomy and Shopify apps
On the merchant side, installing an app from the App Store is often the beginning of a long relationship: support, configuration, ROI. Qstomy fits into this ecosystem by helping stores automate support and AI-assisted selling on Shopify. If you're building integrations or customer journeys, keep in mind the same requirement for clarity as for an app review: predictable flows and well-governed data. For the store-side integration, see our page AI chatbot on Shopify and the article e-commerce chatbot.
Summary
Publishing on the Shopify App Store requires aligning your product, documentation, and listing with the App Store requirements, best practices, and revenue rules. Immediate OAuth, minimal scopes, Shopify billing, storefront performance, and an honest listing are the recurring levers. The April 2025 changelog sets the framework for the lifetime revenue threshold of one million dollars and the effective date of contractual updates to June 16, 2025. Add serious GDPR compliance if you handle European data. Finally, iterate after publication: quality is continuous.
FAQ
What is the difference between a public app and a custom app?
Custom apps for a single merchant follow a different distribution model; apps intended for multiple stores generally go through the App Store, with the associated requirements. Check the Distribution section on shopify.dev to decide based on your case.
Do you have to pay to list an app?
Enrollment in the revenue share plan documented on shopify.dev includes a one-time fee of USD 19 per Partner account. The other costs are those of your development, hosting, and internal tools.
What is the revenue share model?
According to the official Revenue share page, most developers below the "large company" thresholds benefit from 0% on the first USD 1 million in gross app revenue counted since January 1, 2025, then 15% beyond that, with aggregation across connected accounts. Special rules apply to very large publishers: read the table and notes on shopify.dev.
Do revenues before 2025 count toward the million?
No for entering the tier: the April 24, 2025 changelog specifies that earnings before January 1, 2025 do not count toward the threshold.
How long does the review take?
Shopify does not guarantee a public fixed duration in this guide: it depends on the queue, complexity, and quality of the first submission. Responsiveness and a complete file reduce back-and-forth.
What is checked first?
OAuth installation, permission scope, compliant billing, listing consistency, performance if the storefront is affected, and adherence to the rules specific to your app category.
Can my app be removed after publication?
Yes, if it stops being compliant, if the listing is misleading, or if the core functionality changes without resubmission when required. Treat compliance as a living product.
Where can I find the exhaustive list of requirements?
On App Store requirements and the associated checklist on shopify.dev.
Go further
December 23, 2025
