Payments apps
Payments apps are apps that integrate with the Shopify admin to provide customized payment processing services for merchants. Only approved Partners can build payments apps on Shopify's Payments Platform.
Payments apps provide merchant stores with the following features:
- provide additional payment methods
- perform specific operations on payment methods
- control payment security for buyers
- automate payment services, such as reoccurring payments
- decide if they want to capture funds at the time of purchase or at the time of fulfillment. For more information, refer to Payment authorization
How payments apps work
Anchor link to section titled "How payments apps work"Payments apps come in two types: offsite payment apps and credit card payment apps.
Offsite payment apps redirect customers to an app-hosted website to complete the payment process with alternative payment methods supported by the payments app.
Credit card payment apps allow customers to complete the payment process directly on the merchant's website with additional features such as 3DS authentication supported by the payments app.
The choice between the two types of payment apps depends on the specific needs and preferences of the merchant and their customers. Some merchants may choose to use both types of payment apps to offer their customers a wider range of payment options.
Requirements
Anchor link to section titled "Requirements"- You've created an app in the Partner Dashboard or using Shopify CLI.
- Your app meets the following requirements:
For more information, refer to requirements for third-party payments apps.
If you don't meet the requirements, then Shopify can remove your app from the public list of payment gateways, suspend access to the payments ecosystem, terminate participation in the payments ecosystem, or take any other action deemed necessary.
Feature requirements
Anchor link to section titled "Feature requirements"Payments apps need to have the following features:
- Merchants can charge, refund, and process test transactions.
- The app complies with the regulatory requirements for Strong Customer Authentication in the countries where credit card payments are processed. Being compliant might include implementing 3D Secure authentication.
Technical requirements
Anchor link to section titled "Technical requirements"- Idempotency: To provide a consistent buyer experience, payments apps must implement idempotency.
- Retry policy: In case of network errors, payments apps must retry their requests according to the retry policy.
- Mutual TLS (mTLS): Authentication must be implemented to guarantee that traffic is secure and trusted in both directions between Shopify and your payments app. This authentication allows your app to confirm if an upstream request has originated from Shopify. Payments apps must use the Shopify CA certificate for verification.
- HMAC verification: For payments app installation, the
hmac
parameter is included in the redirect to your payments app URL. You need to verify the authenticity of these requests using the providedhmac
. However, the HMAC verification process isn't applicable for payments operation requests that are initiated from Shopify to your payments app, such aspayment
,refund
,capture
, andvoid
. As a result, payments requests, don't include anhmac
parameter. - Rate limiting: Your app's GraphQL requests are rate limited according to the rate limiting guidelines.
- API versioning: Partners must implement a supported version of Shopify's Payments Apps APIs. Partners can't use the
unstable
version of Shopify's Payments Apps APIs in production. Partners can configure the API version that their payments app will use to receive requests from Shopify. Partners must use the same API version for sending GraphQL requests. API versions are updated in accordance with Shopify's general API versioning timelines. - 3-D Secure: If you offer credit card payment methods in a country where 3-D Secure authentication is mandated, then you must support 3-D Secure authentication.
- GDPR: You need to implement GDPR webhooks.
- Payments app extension configuration change approvals: To provide a positive buyer experience, your payments app extension configuration changes must be approved by Shopify. For more information on payments app extension changes and reviews, refer to the payments apps approval process.
Merchant experience requirements
Anchor link to section titled "Merchant experience requirements"- Payments apps must, at a minimum, be operational and available on a 24-hour, 7 days a week basis at least 99.95% of the time in any measurement period.
- In the event of outages or issues, Partners must respond within 2 hours.
- Payments apps must provide servicing support to all merchants.
Payments app approval process
Anchor link to section titled "Payments app approval process"Before a payments app can be approved on Shopify’s Payments Platform, three reviews are required:
- Payments Partner application review
- Payments app extension review
- Payments app review
Payments Partner application review
Anchor link to section titled "Payments Partner application review"The Partner applies to become a Payments Partner.
Partners should take time to review the “Additional Terms Applicable to Payments Developers” section of the Shopify Partner Program Agreement. If you aren't a Shopify Partner yet, then you must sign up to be a Partner.
We grant the Partner access to build a payments app.
If you've been approved to be a Payments Partner, then you'll be granted access to Shopify’s payments ecosystem. You'll need to sign a revenue share agreement, which we provide in an email when you're approved.
The Partner creates a new app in the Partner Dashboard or Shopify CLI.
Payments app extension review
Anchor link to section titled "Payments app extension review"The Partner creates and configures the payments app extension.
The Partner submits the payments app extension for review.
We review the payments app extension.
If the app extension is approved, then the Partner can now publish the app extension.
The Partner selects a distribution method for the app in the Partner Dashboard.
The Partner tests the payments app extension on a development store.
If we reject your payments app extension, then we'll send you an email indicating next steps. Make sure that you check the business email for your Partner account, as well as the email address included in your Payments Platform application. After making the required changes, you can resubmit your app extension.
Payments app review
Anchor link to section titled "Payments app review"Before this step of the review process, you must sign the payments app revenue share agreement. The link to the agreement is included in your Payments Platform application acceptance email. If you're unable to locate the agreement, then contact Partner Support. If you submit your app for review before you sign and submit the revenue share agreement, then your app will be rejected.
The Partner fills out the app listing and submits the payment app for review. For more information, refer to the app review process.
We review the app.
If we approve the app, then the Partner can launch the app.
Optional: If the app needs to be changed before it can be approved, then the Partner reconfigures the payments app extension and submits a new version of the payments app extension for approval.
Payments app lifecycle
Anchor link to section titled "Payments app lifecycle"A payments apps can go through four states. Each of these states defines by whom and how your app can be installed, and the general visibility of the app for merchants. The states are the following:
Development
: The default state of a payments app isDevelopment
, after your first extension version is approved and published. The payments app can then be installed on dev stores for testing purposes.Hidden
: The payment app entersHidden
state after the app is approved and published by the app review team. The payments app isn't discoverable to merchants through the admin, but can now be installed by merchants by sharing the installation URL available in your dashboard.Generally Available
: The payments app entersGenerally Available
state by request if it meets certain criteria, such as being used by at least 50 Shopify stores and has processed over 1,000,000 USD. The payments app is now discoverable from the store admin as an alternative payment provider for all merchants in supported countries. It will also appear in the public payments brochure.Not Installable
: If the payments app fails to meet the minimum product requirements, it will be put intoNot Installable
state. In this state, the app isn't discoverable to merchants through the admin. The installation URL is removed from your dashboard, and it cannot be used for installation. The app can't be installed on any new shop, but shops that had the app installed previously will still be able to use it.
Development |
Hidden |
Generally Available |
Not Installable |
|
---|---|---|---|---|
Visible as alternative payments provider ? | only on dev stores | only if installed | yes | only if installed |
Can process payments ? | only in test mode | yes | yes | yes |
Has an installation URL ? | no | yes | yes | no |
Visible on brochure ? | no | no | yes | no |
You can view the payments app state when you edit a version from the Edit draft page of your payments app extension.
Supported features
Anchor link to section titled "Supported features"Payments apps support the following features:
Supported payment methods
Anchor link to section titled "Supported payment methods"Merchants can use payments apps to redirect customers to an app-hosted page for payment processing, which can include the following payment methods:
- Wallets (refer to Prohibited actions for current limitations)
- Buy Now Pay Later / Installments / Buyer Financing
- Cards
- Bank Transfers / Online Banking
- Cryptocurrency
- Cash and ATM
Supported payment operations
Anchor link to section titled "Supported payment operations"The payment methods support the following operations:
- Charge: Partners can collect a buyer’s payment information and charge them for their purchase.
- Refund: Merchants can trigger a refund from their Shopify admin.
- Authorize: Merchants can place a hold that can be charged at a later time.
- Capture: Merchants can charge the amount previously specified via an authorization.
- Void: Merchants can cancel a previously authorized amount.
Payments Partner responsibilities
Anchor link to section titled "Payments Partner responsibilities"Payment processing is a core part of Shopify merchants’ workflows. Our stores run 24/7 selling to buyers in a variety of currencies across the globe. We rely on and trust our Payments Partners to provide a secure environment for buyers to purchase and help merchants handle settlement and payouts.
Payment security
Anchor link to section titled "Payment security"During a buyer’s purchase, payments apps are responsible for the following:
- Securely collecting a buyer’s payment information and adhering to applicable law and any PCI requirements or market regulations, including the secure storage of buyer data.
- Processing the payment according to parameters specified by Shopify.
- Redirecting the buyer to Shopify.
- Settling transactions within five days.
Partners are responsible for monitoring and managing risk and fraud. If an unreasonably high percentage of a merchant's payments are fraudulent or high-risk (as determined in Shopify’s sole discretion), then Shopify may take action. Actions can include the following:
- Removing your payments app from Shopify's public list of payment gateways
- Restricting access to Shopify’s payments ecosystem
- Taking any other action deemed necessary
Transparent pricing and flexible merchant agreements
Anchor link to section titled "Transparent pricing and flexible merchant agreements"- Partners must have transparent, easy-to-understand pricing for merchants.
- Partners can't offer low promotional or introductory rates for a limited time to later increase the rate.
- Partners can't refer to any fee, expense, or other costs as Shopify fees on invoices to merchants.
- Partners must allow merchants to terminate their merchant agreements with a 7-day notice period without penalty, fine, or other consequence.
Revenue share
Anchor link to section titled "Revenue share"All Partners are required to have a signed revenue share agreement with Shopify. You must sign and submit the agreement before Shopify can approve a payments app to process real, live payments. Shopify provides the agreement to you as a part of the payments platform access request process.
Revenue share is calculated and applied on total payments volume (total GMV) processed by the payments app for all Shopify merchants with the app installed. Each invoice represents payments that took place from 00:00:00 UTC on the first day of the month to 23:59:59 UTC on the last day of the month. Shopify converts the compensation amounts daily to US dollars to limit foreign exchange risks between the parties to the agreement. Shopify uses xe.com to perform the conversion.
Shopify waives invoicing and collection of revenue share owed to Shopify until the first month that total transaction volume on your Payment Apps exceeds $150,000 USD. When this threshold is met, Shopify produces the invoice and sends it to the billing email provided, alongside bank details for payment.
Prohibited actions
Anchor link to section titled "Prohibited actions"Payments apps aren't permitted to do any of the following:
- Use any Shopify APIs other than the Payments Apps API and mandatory webhooks for GDPR.
- Store payment credentials for unapproved purposes. You can only use credentials for the original transaction or services approved by Shopify.
- Redistribute, share, transfer, sell unauthorized access to Shopify’s Payments Platform without Shopify’s approval. Access to Shopify’s payments ecosystem is strictly provided to the approved Payments Partner only.
- Create fake or fraudulent merchants, orders, or sales.
- Process payment methods that include, but aren't limited to, Apple Pay, Google Pay, Shop Pay, PayPal, and Alipay. Shopify has a direct connection with providers that improves performance and checkout conversion for merchants.
Naming restrictions
Anchor link to section titled "Naming restrictions"To make choosing additional payment methods as straightforward as possible for merchants, you should adhere to certain rules when naming your payments app:
- The name of the payments app can't contain marketing text: For example, the name “World's Best Provider: Get 50 payment methods” isn't allowed. This is because merchants won't see the name of the payments app until they have chosen the payment method they wish to add to their store.
- The name of the payments app can't be used by partners to gain a higher listing: There isn't a general alphabetized directory of payments apps for merchants to navigate. Instead merchants discover payments apps using the payment methods they want to add.
You should make sure that the payment methods and locations offered are accurate because this is the only information that's used to surface the app to merchants. If a name appears to have been created with the purpose of gaining a higher listing on an alphabetized list, then it will not be allowed.
Other considerations for payments apps
Anchor link to section titled "Other considerations for payments apps"- Line items, order ID, and checkout ID aren't available through the Payments Apps APIs.
- Payments apps aren't visible nor installable in the Shopify App Store.
- As part of the payment processing flow, buyers must enter their payment information on a page hosted by the payments developer.
- Create a payments app, and learn how to version and publish your app.