HomeSetupWidgetBillingReviewHelp

Partner dashboard

Use `.dev` as the merchant app surface.

These values are ready to copy into Shopify once the Partner app is created. They deliberately point to Sniffopotamus.dev so the consumer product stays clean.

App nameSniffopotamus Gift Finder
App URLhttps://www.sniffopotamus.dev/shopify
Allowed redirection URLhttps://www.sniffopotamus.dev/api/shopify/auth/callback
Webhook endpointhttps://www.sniffopotamus.dev/api/shopify/webhooks
Requested scopesread_products, read_themes
Support emailsniff@scentsell.com.au
Privacy URLhttps://www.sniffopotamus.dev/privacy
Terms URLhttps://www.sniffopotamus.dev/terms

Approval gates

What needs a deliberate switch-on.

The code routes exist now. Token persistence, billing, and live merchant configuration should only turn on after the database migration and Partner credentials are in place.

  1. Create the Shopify Partner app and development store.
  2. Set SHOPIFY_API_KEY and SHOPIFY_API_SECRET in Vercel for the .dev app URL.
  3. Run the OAuth install path against the development store.
  4. Apply reviewed Supabase migration for shop/install/token/settings tables.
  5. Register compliance webhooks and verify HMAC delivery.

Official docs used

Primary source checklist.

App Home and App BridgeEmbedded admin apps render in App Home, use App Bridge for admin chrome, and should use Polaris web components.Session tokensCurrent App Bridge automatically adds session tokens to app requests; backend routes still need token verification.Theme app extensionsStorefront widgets should ship as theme app extensions, not by mutating merchant theme files.Build theme app extensionsShopify CLI creates, previews, tests, deploys, and releases app extension versions.BillingPublic App Store apps must use Shopify billing resources unless Shopify says otherwise.Revenue shareCurrent docs say the first USD $1,000,000 gross app revenue from 1 Jan 2025 is 0% revenue share, then 15% above.Privacy law compliancePublic apps must respond to mandatory compliance webhooks even if they collect limited personal data.Sidekick app actionsSidekick extensions can expose app actions later; current limits make this a post-MVP layer.
Next: widget setup