Installation and setup

These requirements make sure that merchants can quickly set up and start using your app. The installation requirements describe the correct flows for authentication, app install charges, and any sign-up steps (if required). These requirements make sure that you provide merchants with the guidance they need when they start learning to use your app.

1. Authentication

  1. When a merchant clicks Add App from your app's listing page, your app must immediately authenticate using OAuth before any other steps occur, even if the merchant has previously installed and then uninstalled your app.
  1. A merchant must be able to authenticate and use your app on multiple stores, even if they share the same email address.

2. Permissions

Permissions are the levels of access that your app has to a merchant's store through the API. The permissions that you request are shown to the merchant on the OAuth handshake page, where the merchant can either grant or decline them.

  1. Merchants must be redirected to your app's user interface (UI) after they accept permissions access on the OAuth handshake page.
  2. Your app should request only the permissions that are necessary for it to function.
  3. You should only revoke API permissions to your app using the delete button located on the app setup page.

3. Setup and merchant workflows

  1. Your app must include in-app setup instructions that explain to merchants how to use it properly. These instructions must be written specifically for Shoplazza merchants, even if your app also connects to other platforms.

  2. Your app must never request that a merchant generate and provide a private API key. The Shoplazza App Store lists only public apps.

  3. Any connection that your app makes from its UI to either link to another shop or install other apps must go through the Shoplazza App Store listing first.

  4. For merchant security, your app must not use pop-up windows for essential app functionality, like running OAuth. Avoiding the use of pop-up windows also protects your app from being compromised by pop-up blockers.