Building Shopify Apps

Shopify apps are web applications that add functionality to Shopify stores. They can do this in several different ways:

  • Reading and writing store data, either in response to user input or webhook event notifications
  • Extending new features inside existing parts of the Shopify admin or POS
  • Enhancing the way stores display information to customers

Developers host their Shopify apps on their own infrastructure. You can host your app anywhere, and build it with the tech stack of your choice.

Developers enjoy extensive access to Shopify’s platform. Before putting this power to work, make sure you understand your responsibilities as an app developer, and how Shopify enforces the rules of our platform.

Types of apps

Depending on the purpose of your app and how you’ll distribute or sell it, you first need to choose what type of app you’ll build. App types can’t be changed after the app has been created, so be sure you understand the different capabilities and requirements of each type. There are three app types:

The available app types were updated on December 5, 2019, and new requirements apply only to apps created after that date. There is no change for existing public apps or legacy private apps.

Public apps

Public apps are meant for developers who want to distribute their apps to many merchants. These are the key features of public apps:

Tutorial: Authenticate a public app with OAuth

Custom apps

Custom apps are meant for developers building an app tailored for a single merchant. These are the key features of custom apps:

  • They can be installed on a single Shopify store
  • They don’t go through Shopify’s app approval process
  • You can’t sell them in the Shopify App Store
  • They manage authentication with OAuth 2.0
  • They’re created and managed in your Partner Dashboard
  • They can use Shopify App Bridge to appear as an embedded app in the Shopify admin
  • They can use app extensions to extend the Shopify admin UI

Tutorial: Authenticate a custom app with OAuth

Private apps

Developers can still create private apps, but custom apps are the recommended solution.

Private apps are meant for developers building an app for a merchant with specific requirements not met by custom apps. These are the key features of private apps:

  • They’re created for a single Shopify store, or a small group of clients
  • They don’t go through Shopify’s app approval process
  • You can’t sell them in the Shopify App Store
  • Manage authentication with basic HTTP authentication
  • They’re created and managed in the merchant’s Shopify admin

Tutorial: Authenticate a private app with the Shopify admin

Anatomy of a Shopify app

All Shopify apps are web applications. As an app developer, you control your own infrastructure and host your own services. When a merchant installs your app, Shopify grants your app access to certain store data.

Standalone apps can operate entirely on your website, while embedded apps integrate more deeply into the Shopify admin.

Standalone apps

Standalone apps have the following common features:

  • They're authenticated and interact with Shopify APIs,
  • They aren’t embedded in the Shopify admin.
  • They expose their own user interface, on their own web domain.
  • When Shopify merchants open a standalone app in the Shopify admin, it opens in a new browser tab.
  • Standalone apps can’t use app extensions to add features to the Shopify admin or POS.

Embedded apps

Embedded apps have the following key features:

  • They're hosted on your own infrastructure, but display directly in the Shopify admin or POS inside an iframe.
  • They use Shopify App Bridge, a JavaScript library that enables apps to connect with Shopify’s UI.
  • They have access to app extensions

About app extensions

App extensions let you extend your app’s functionality and UI into different areas of Shopify, including the Shopify admin, POS, Flow, and online store. For example, you could add a bulk action link to the actions dropdown on the Products page of the Shopify admin, allowing merchants to edit multiple products simultaneously. By using app extensions for your apps, you can offer value to users within their existing workflows in Shopify.

Because embedded apps appear directly inside the Shopify admin, we encourage developers to use Polaris, Shopify’s open-source design system, for a more consistent user experience.

POS apps

Shopify POS allows merchants to use Shopify as a point-of-sale app on a smartphone or tablet, or to use dedicated Shopify hardware.

Developers can extend or add new features to Shopify POS. Review Shopify App Bridge for details on which features can be customized.

How merchants manage their apps

Merchants manage apps by installing them in their stores, authorizing Shopify to share certain data with that app. Installation varies for public and private apps.

Installing public apps

Public apps are installed using OAuth. During installation, a URL is displayed to the merchant to request specific API access scopes. Provided that the merchant grants the requested access, then the app can be installed.

The installation process can be initiated with any web link. However, listing in the Shopify App Store is the best way to reach the greatest number of potential customers.

Installing custom apps

Custom apps can only be installed by a single Shopify store, via a whitelisted install link tied to the merchant's store URL. To test your custom app without limits on installations, you should install it on a development store.

Custom apps can only be installed on a merchant store once. Only generate your custom app's install URL when you're ready for a merchant to install the app, as it can't be changed or updated later.

Before you generate an install link, you'll need to know the merchant's myshopify.com URL. When your app is ready for merchants to use, follow these steps to create a one-time install URL:

  • Click 'Generate Link' on your app's overview page
  • Enter the merchant's myshopify.com URL
  • An install link will be generated, which must be manually sent to the merchant for installation

Installing private apps

Private apps use basic HTTP authentication with credentials generated by a single store. If the app has a valid API key and secret for that store, then it has access to the store’s data.

How apps get uninstalled

Merchants can delete apps from their stores at any time. Deleting an app revokes API access tokens for that store, stops subscription payments, and generates an uninstall webhook.

Uninstall events also occur when a Shopify store using an app is closed or suspended. Refer to the Webhook for more information.

Shopify’s API Terms of Use require app developers to delete certain data as part of the uninstall process. Be sure to review the GDPR requirements to make sure your app is compliant.