Meridian’s submission tool runs a comprehensive pre-flight check across your app before you submit it to the Shopify App Store for review. It surfaces issues Shopify reviewers commonly flag — from missing compliance webhooks and outdated API versions to listing quality problems — giving you a clear score and a prioritized action list before you ever click Submit for review in the Partner Dashboard.Documentation Index
Fetch the complete documentation index at: https://help.the-meridian.ai/llms.txt
Use this file to discover all available pages before exploring further.
How the submission checker works
Open App Store → Submission in your Meridian dashboard to run a check. Meridian evaluates your app across eight categories and produces aReviewReport with:
- A readiness score from 0–100
- A readiness status:
ready,needs-work, ornot-ready - An estimated Shopify review time based on open issues
- Per-check results with status, severity, and fix suggestions
- AI-powered insights that predict rejection risk and highlight patterns Shopify reviewers flag most often
The checker runs client-side against your app’s configuration and known patterns. For the most accurate results, make sure your app URL, Partner Dashboard settings, and API scopes are up to date in Meridian.
Reading your results
Each check has a status and a severity.Check status
| Status | Meaning |
|---|---|
pass | No issues found. This check is clear. |
warning | A potential concern. Not a guaranteed blocker, but worth fixing before submission. |
fail | An issue was detected. Shopify reviewers are likely to flag this. |
pending | The check has not run yet. |
running | The check is currently executing. |
skipped | The check does not apply to your app’s configuration. |
Check severity
| Severity | What it means |
|---|---|
critical | Shopify will reject your app. Fix before submitting. |
high | Likely to cause rejection or significant delay in review. |
medium | May slow down review or affect merchant trust. |
low | Minor improvement that won’t block submission. |
info | Informational only — no action required. |
Check categories
Meridian organizes all checks into eight categories. Expand each one to see what’s covered.Installation & Auth
Installation & Auth
Covers the OAuth flow, session tokens, and install/uninstall lifecycle.Critical checks:
- OAuth fires immediately when a merchant clicks Install
- Merchants are redirected to your embedded app UI after install (not a blank or error page)
- Your app uses Shopify session tokens for authentication — not third-party cookies
- Uninstall and reinstall cycle works cleanly without stale data
- Your app requests only the API scopes it actually uses — excessive scopes trigger rejection
- Merchants can authenticate using their Shopify identity without creating a separate account
Technical quality
Technical quality
Covers API usage, App Bridge version, billing, and error handling.Critical checks:
- Your app uses the latest version of Shopify App Bridge (older versions will be rejected after July 1, 2025)
- All charges go through the Shopify Billing API — external payment collection is not permitted
- Your app does not bypass Shopify checkout
- Your app uses a current, non-deprecated Shopify API version
- API errors, rate limits, and network failures are handled gracefully
- Your app handles 429 responses with retry logic and exponential backoff
- Webhook endpoints return 2xx quickly and handle retries and duplicates
- Your app uses the App Bridge Save Bar API for save actions in the admin
Privacy & compliance
Privacy & compliance
Covers mandatory GDPR webhooks, privacy policy, and data handling.Critical checks:
customers/data_requestwebhook is registered and responds within 5 secondscustomers/redactwebhook is registeredshop/redactwebhook is registered- A privacy policy disclosing data collection, usage, retention, and international storage is published and linked
- Your app only collects data that is strictly necessary for core functionality
- If you access PII (name, address, phone, email), your app has approved protected scopes
- Your app complies with GDPR data processing requirements
UX & branding
UX & branding
Covers app naming, navigation patterns, and merchant experience consistency.Critical checks:
- Your app name does not contain “Shopify” or any abbreviation of it
- Your app’s domain does not contain “Shopify” or “Example”
- Critical features like login and payment do not use pop-up windows
- Your app uses tabs (not custom navigation components) for secondary navigation in the admin
- Your app listing uses factual information only — no fake reviews or inflated claims
- What your app does is clearly communicated before a merchant installs it
- Your UI matches Shopify admin patterns for a consistent merchant experience
- Subscription costs, billing cycles, and included features are clearly stated
App listing
App listing
Covers your Partner Dashboard listing configuration.Critical checks:
- App icon is exactly 1200×1200 pixels in JPEG or PNG format
- An emergency email and phone number are on file in your Partner Dashboard
- API contact details are provided for Shopify to reach you about API issues
- Your app description clearly explains the value, features, and target audience
- Screenshots are included and accurately show key app features
- Your app is not labeled as beta or described as having “coming soon” features
- Your app is not a duplicate of an existing listing
- App URL, redirect URLs, and GDPR URLs are correctly configured
Security
Security
Covers HTTPS, HMAC validation, token storage, and input sanitization.Critical checks:
- Every URL and endpoint your app exposes uses HTTPS
- All incoming webhooks are validated using HMAC to verify they originate from Shopify
- Shopify access tokens are stored encrypted and never exposed in client-side code
- No API keys, secrets, or tokens appear in frontend or client-side code
- Content Security Policy headers are set to prevent XSS and injection attacks
- All user inputs are validated and sanitized server-side
Performance
Performance
Covers Core Web Vitals, checkout extension speed, and Lighthouse impact.Critical checks:
- Admin Cumulative Layout Shift (CLS) ≤ 0.1 at the 75th percentile
- Admin Interaction to Next Paint (INP) ≤ 200ms at the 75th percentile
- Checkout extension P95 response time ≤ 500ms
- Checkout extension failure rate ≤ 0.1%
- Your app does not reduce the storefront Lighthouse performance score by more than 10 points
- The embedded app UI loads within 3 seconds on a standard connection
AI analysis
AI analysis
AI-powered checks that go beyond static rules to predict rejection risk and surface patterns from historical submissions.
Each AI insight includes a list of concrete
| Check | What it looks for |
|---|---|
| Code pattern analysis | Anti-patterns, deprecated API usage, and known review blockers in your codebase |
| Listing quality score | Your description, screenshots, and metadata benchmarked against top-performing apps in your category |
| UX pattern review | Your UI patterns compared against Shopify Polaris design guidelines |
| Security vulnerability scan | Exposed secrets, insecure configurations, and common vulnerabilities |
| Privacy compliance assessment | Data handling patterns and GDPR completeness |
| Rejection risk prediction | Likelihood of rejection based on patterns from past submissions, with a confidence score |
actionItems and a confidence score (0–1) so you can prioritize the highest-confidence findings first.The Shopify review process
Understanding what happens after you submit helps you prepare effectively.Submit from the Partner Dashboard
Once your app passes Meridian’s pre-submission checks, submit it from your Shopify Partner Dashboard. Shopify’s review queue is typically 2–5 business days for new apps.
Automated checks run first
Shopify runs automated checks before assigning a human reviewer. These cover many of the same categories Meridian checks — performance thresholds, HTTPS, required webhooks, and API version compliance.
Manual review
A Shopify reviewer installs your app, tests the merchant experience, and evaluates your listing against the App Store requirements. They pay close attention to billing flow, UX patterns, and listing accuracy.
Common rejection reasons and how to avoid them
| Rejection reason | How to avoid it |
|---|---|
| Missing GDPR compliance webhooks | Register customers/data_request, customers/redact, and shop/redact before submitting |
| Outdated App Bridge version | Upgrade to the latest @shopify/app-bridge package and replace deprecated navigation actions |
| Excessive API scopes | Audit each requested scope against actual feature usage and remove any that aren’t needed |
| External payment collection | Route all charges through the Shopify Billing API |
| Performance thresholds not met | Measure admin CLS and INP in production; optimize before submitting |
| Incomplete or misleading listing | Use factual language, accurate screenshots, and a complete description |
| Missing or inadequate privacy policy | Publish a policy that covers data collection, usage, retention, and cross-border storage |
Tips for a successful submission
- Test the full install → billing → uninstall → reinstall cycle before submitting. This is the most common source of rejection issues that slipped through development.
- Test in a real development store — not just your local environment. Shopify reviewers install from the App Store listing, so the experience they see must match what you tested.
- Write your listing for merchants, not developers. Lead with the problem you solve, not the technology you use. Shopify reviewers evaluate whether a merchant can understand what your app does before installing it.
- Respond promptly to reviewer feedback. If Shopify sends change requests, resubmit within a few days to keep the context fresh and avoid additional delays.
- Keep your API version current. Deprecated API versions are caught by automated checks. Check the Shopify API Alerts page in Meridian to stay ahead of deprecation deadlines.
Related
- Shopify API Alerts — get notified when Shopify deprecates an API or announces a breaking change that affects your app