For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Dev Portal
DocsAPI ReferenceLearnCommunityChangelog
DocsAPI ReferenceLearnCommunityChangelog
  • Overview
    • Quick Start
    • Sandboxes
    • Tools & SDKs
    • Support
  • Docs
      • Getting Started
      • Becoming a Partner
        • Introduction
        • Quick start
          • Types of apps
          • Building Catalyst-compatible apps and integrations
          • Beginning development
          • Managing apps in Dev Portal
          • Locating app IDs
          • Implementing OAuth
          • Handling callbacks
          • Supporting multiple users
          • Listening for events
          • Designing the UI
          • Creating install buttons
          • Following best practices
          • Approval requirements
          • Publishing apps
        • Optimizing multi-storefront apps
        • Building for Catalyst
      • Metafields
      • Scripts
      • Shipping Providers
      • Tax Providers
    • Archive
    • Closed Beta Programs
Dev Portal
LogoLogo
On this page
  • General requirements
  • Listing
  • Functionality
  • Installation
  • FAQ
  • Next steps
  • Resources
  • Sample apps
  • Tools
  • Blog posts
DocsIntegrationsAppsGuide

App Store Approval Requirements

Was this page helpful?
Previous

App Development Best Practices

Next

Publishing apps

Built with

The Marketplace team reviews all app submissions and tests apps to verify they meet App Marketplace listing standards. Verify your app meets the requirements below before submitting it for approval.

General requirements

  • Make support resources available throughout the app, like during onboarding and on the app’s dashboard within the BigCommerce iframe.
  • Follow branding guidelines when referencing BigCommerce (see our Media Kit for more information). Don’t reference competitor platforms in the app’s listing information or dashboard.
  • Use the same app name in app submission and in app content such as logos and descriptions.
  • Keep app titles concise. Avoid using extra taglines or descriptors; include those in the app summary, if necessary.
  • Include the name of both your brand and any connected third-party platforms in the title (ex: “Marketplace by BigCommerce” or “Search by BigCommerce”).
  • Develop app client-side code to be compatible with all BigCommerce supported browsers and default features.
  • Include applicable test account details in your test instructions with the submission for any third-party services required in the app.
  • Use BigCommerce APIs for app functionality wherever possible. For example, don’t require a merchant to manually import a product CSV if those products can be retrieved using the BigCommerce API.

Listing

  • Approval for the App Marketplace requires all fields listed in the Publishing Apps section (Case Studies and Videos are optional).
  • Listings should be well worded, cleanly formatted, and follow wording and image specifications.
  • App listing name should be restricted to only branding and not include taglines.

Functionality

  • Apps must work as intended and cannot conflict with BigCommerce functionality.
  • Apps must use V3 endpoints in favor of V2 endpoints when feature parity exists.
  • Apps must serve all callback URLs over HTTPS.
  • Apps in the App Marketplace must be multi-user enabled.
  • Apps that process transactions or handle credit card data must pass a PCI Compliance review by BigCommerce’s security team and provide both a PCI-DSS Attestation of Compliance and a data flow diagram. BigCommerce only accepts pre-approved new payment gateway app submissions for App Marketplace review.
  • Apps that access the Checkout Content scope will also be subject to a security assessment by BigCommerce’s security team.
  • Apps that modify the checkout experience must use the BigCommerce Checkout SDK.
  • Apps that add another marketplace or sales channel to a store should make use of the Channels Toolkit and follow Channel App Requirements.
  • Apps that create orders in the BigCommerce store need to properly mark accurate order source, payment method, and other order details.
    • To supply the order source, include the external_source field in the request body with your app’s ID as the value. This is required if you are submitting your app for marketplace approval.
We have paused all new externally built payment integrations for our publicly available BigCommerce Marketplace. We are updating our available APIs to create a more robust experience and hope to re-open this program in the near future. Please reach out to paymentspod@bigcommerce.com with any questions.

Installation

  • Apps should be single-click and use OAuth flow to authenticate.
  • Apps must respond to install callback with styled and branded HTML for the control panel iframe; this content cannot be blank and must follow our user-interface constraints. Apps using BigDesign are preferred.
  • Apps must store user tokens against the store hash, not the user’s email address, to avoid problems with ownership changes and multiple user support.
  • Apps need to include options for new user registration as well as existing users.
  • Apps should autofill registration fields such as email address and store URL based on the store’s information.
  • Apps should include onboarding instructions and any setup requirements after installing.
  • Apps that install scripts must use the Scripts API to insert into Script Manager using proper consent_category.

If your app cannot meet these requirements, email appstore@bigcommerce.com to discuss your options for approval.

FAQ

Are all fields required? For App Marketplace approval, you’ll need to fill out all fields on your listing with applicable content and links. These will be reviewed as part of the Marketplace approval process. Case Studies and Videos are optional.

Next steps

  • Publish your app.

Resources

Sample apps

  • Node / React / Next.js
  • Python / Flask
  • PHP / Silex
  • Ruby / Sinatra
  • Laravel / React

Tools

  • Node API Client
  • Python API Client
  • PHP API Client
  • Ruby API Client
  • Ruby OmniAuth Gem
  • BigDesign Developer Playground
  • Figma Component Library

Blog posts

  • How to Test App Authentication Locally with ngrok
  • Building a BigCommerce App Using Laravel and React
  • BigDesign Tutorial