Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.fluveo.com/llms.txt

Use this file to discover all available pages before exploring further.

All public marketplace apps must pass a review before they are listed. This page explains what our review team checks, what is required, and how to avoid common rejections.

Review process

1

Submit for review

Call POST /v1/apps/:id/submit_for_review when your app is ready. The status changes from draft (or rejected) to in_review.
2

Review team evaluates

Our team checks your app against the guidelines below. This typically takes 1-3 business days.
3

Approved or rejected

If approved, the status changes to published and the app appears in the marketplace. If rejected, the rejection_reason field explains what needs to be fixed.

Required fields

The following must be set before submitting for review:
FieldRequirement
nameRequired for all apps
descriptionRequired for all apps. Should clearly explain what the app does.
redirect_urisAt least one valid HTTPS redirect URI
requested_scopesAt least one scope
privacy_policy_urlRequired for public apps (distribution_type: "public")

What reviewers check

Functionality

  • The app serves a clear purpose that benefits merchants.
  • All declared scopes are justified by the app’s functionality.
  • Redirect URIs use HTTPS and point to working endpoints.

Security

  • OAuth flow is implemented correctly.
  • Tokens are stored securely and not exposed in client-side code.
  • The app does not request more scopes than it needs.

Content

  • App name and description are accurate and not misleading.
  • No trademark violations or impersonation of other apps.
  • No offensive, harmful, or illegal content.

Privacy

  • Privacy policy URL is valid and accessible.
  • The privacy policy explains what data the app collects and how it is used.
  • The app handles merchant data in accordance with its stated policy.

Common rejection reasons

ReasonHow to fix
Missing or broken privacy policy URLEnsure the URL is accessible and contains a complete privacy policy
Overly broad scopesOnly request scopes your app actually uses. Justify each scope in your description.
Vague or misleading descriptionClearly explain what your app does, what data it accesses, and why
Non-HTTPS redirect URIAll redirect URIs must use HTTPS
Missing descriptionAdd a thorough description before resubmitting
Broken redirect endpointEnsure your OAuth callback URL is live and responding

Resubmitting after rejection

If your app is rejected:
  1. Check the rejection_reason field on the app object.
  2. Fix the identified issues.
  3. Update the app with POST /v1/apps/:id.
  4. Resubmit with POST /v1/apps/:id/submit_for_review.
# Check rejection reason
curl https://api.leanrails.com/v1/apps/app_1abc2def3ghi \
  -u "sk_test_xxx:"

# Fix the issue
curl -X POST https://api.leanrails.com/v1/apps/app_1abc2def3ghi \
  -u "sk_test_xxx:" \
  -H "Content-Type: application/json" \
  -d '{
    "privacy_policy_url": "https://yourapp.example.com/privacy"
  }'

# Resubmit
curl -X POST https://api.leanrails.com/v1/apps/app_1abc2def3ghi/submit_for_review \
  -u "sk_test_xxx:"

Updating published apps

Once an app is published, certain fields are restricted to prevent breaking changes for merchants who have already installed the app:
Restricted fieldWhat to do instead
nameCreate a new version of the app
requested_scopesCreate a new version of the app
redirect_urisCreate a new version of the app
categoryCreate a new version of the app
versionCreate a new version of the app
privacy_policy_urlCreate a new version of the app
You can update these fields on a published app without a new review:
  • description
  • short_description
  • icon_url
  • homepage_url
  • support_url
  • webhook_url
  • webhook_events
  • metadata
# Update allowed fields on a published app
curl -X POST https://api.leanrails.com/v1/apps/app_1abc2def3ghi \
  -u "sk_test_xxx:" \
  -H "Content-Type: application/json" \
  -d '{
    "description": "Updated description with new features",
    "support_url": "https://yourapp.example.com/help"
  }'

Private apps

Private apps (distribution_type: "private") do not require review for installation. They are only accessible by the developer’s own merchant account. However, you can still submit a private app for review if you plan to make it public later.

Next steps