Building Shopify Apps: A Developer's Guide to the Shopify App Ecosystem

The Shopify App Store hosts over 10,000 apps and generates billions in revenue for developers. Whether you are building a custom app for a single merchant or a public app for thousands of stores, understanding Shopify's app architecture, APIs, and ecosystem is essential. This guide covers everything developers need to know to build, launch, and scale Shopify apps in 2026.

Q: What types of Shopify apps can you build?

There are three types of Shopify apps: public apps listed on the Shopify App Store for any merchant to install, custom apps built for a single specific store, and draft apps used during development and testing. Public apps go through Shopify's review process, while custom apps are installed directly via the store's admin.

App Types Explained

Public Apps

Public apps are listed on the Shopify App Store and can be installed by any Shopify merchant. They use OAuth for authentication and must comply with Shopify's app review guidelines.

Characteristics:

• Available to all 4.8+ million Shopify stores
• Revenue through subscriptions, usage charges, or one-time purchases
• Must pass Shopify's app review process
• Use OAuth 2.0 for merchant authentication
• Subject to Shopify's App Store policies and quality standards

Custom Apps

Custom apps are built for a single store and do not go through the App Store review process. They are installed directly through the store's admin panel.

Characteristics:

• Built for one specific merchant
• No App Store listing required
• Access tokens generated in the Shopify admin
• No OAuth flow needed
• Ideal for bespoke business logic and integrations

Draft Apps

Draft apps are used during development. They function like public apps but are only installable on development stores. They convert to public apps upon submission to the App Store.

Setting Up Your Development Environment

Shopify CLI

Shopify CLI is the official command-line tool for app development. It scaffolds projects, manages development stores, and handles app deployment.

Getting started:

1. Install Node.js 18+ and npm
2. Install Shopify CLI: npm install -g @shopify/cli @shopify/app
3. Create a new app: shopify app init
4. Choose your framework (Remix is the default and recommended choice)
5. Start development: shopify app dev

The CLI automatically sets up ngrok tunnels for local development, manages app authentication, and provides hot module reloading.

Development Store

Create a free development store through your Shopify Partner Dashboard. Development stores have full access to all Shopify features and do not require a paid plan. You can create unlimited development stores for testing.

Shopify APIs

Shopify provides several APIs for different use cases:

| API | Authentication | Use Case | |-----|---------------|----------| | Admin API (REST) | OAuth / Access Token | Store management, orders, products, customers | | Admin API (GraphQL) | OAuth / Access Token | Same as REST but with flexible querying | | Storefront API | Storefront Access Token | Customer-facing features, headless commerce | | Checkout API | Checkout Access Token | Custom checkout experiences (Plus only) | | Payments Apps API | Partner credentials | Payment gateway integration | | Functions API | Wasm modules | Custom discounts, shipping, validation logic |

Admin API

The Admin API is the primary interface for managing store data. It provides access to products, orders, customers, inventory, fulfillment, and more.

GraphQL vs REST:

Shopify recommends the GraphQL Admin API for new development. Benefits include:

• Request exactly the fields you need (no over-fetching)
• Fetch related resources in a single request
• Strongly typed schema with introspection
• Better rate limit utilization (cost-based instead of request-based)

GraphQL example -- Fetching products:

query {
  products(first: 10) {
    edges {
      node {
        id
        title
        variants(first: 5) {
          edges {
            node {
              price
              inventoryQuantity
            }
          }
        }
      }
    }
  }
}

Rate limits:

• GraphQL Admin API: 1,000 cost points per second (each field has a cost)
• REST Admin API: 40 requests per second (Basic/Shopify), 80 (Advanced/Plus)
• Storefront API: 100 cost points per second

Storefront API

The Storefront API is designed for customer-facing experiences. It provides unauthenticated access to products, collections, and cart functionality. Use it when building:

• Custom storefronts (headless commerce)
• Mobile apps
• Buy buttons embedded on external websites
• Product recommendation widgets

Webhooks

Webhooks notify your app when events occur in a merchant's store. Instead of polling the API, Shopify sends HTTP POST requests to your endpoint when data changes.

Essential webhooks for most apps:

• orders/create -- New order placed
• orders/updated -- Order status changed
• products/update -- Product data modified
• products/delete -- Product removed
• app/uninstalled -- Merchant uninstalled your app
• shop/update -- Store settings changed

Webhook best practices:

1. Respond quickly -- Return a 200 status within 5 seconds; process data asynchronously
2. Handle duplicates -- Shopify may send the same webhook multiple times; implement idempotency
3. Verify signatures -- Validate the X-Shopify-Hmac-SHA256 header to confirm authenticity
4. Implement retry logic -- If your endpoint fails, Shopify retries up to 19 times over 48 hours
5. Use mandatory webhooks -- Register app/uninstalled, customers/data_request, customers/redact, and shop/redact for compliance

Building App UI with App Bridge and Polaris

Shopify App Bridge

App Bridge enables your app's UI to render inside the Shopify admin. It provides:

• Navigation integration with Shopify's admin sidebar
• Modal dialogs, toast notifications, and loading bars
• Resource picker for selecting products, collections, and customers
• Title bar with primary and secondary actions

Polaris Design System

Polaris is Shopify's React component library. It provides pre-built UI components that match Shopify's admin design language:

• Forms, buttons, and input fields
• Data tables and resource lists
• Cards, banners, and layout components
• Date pickers, filters, and pagination

Using Polaris ensures your app feels native within the Shopify admin and passes the design review.

Shopify Functions

Shopify Functions allow you to run custom business logic on Shopify's infrastructure using WebAssembly (Wasm). They replace legacy Script Editor scripts and run at key points in the commerce flow:

• Discount Functions -- Custom discount logic (BOGO, tiered pricing, volume discounts)
• Shipping Functions -- Custom shipping rates and delivery options
• Payment Functions -- Hide or reorder payment methods at checkout
• Validation Functions -- Custom cart and checkout validation rules
• Fulfillment Functions -- Custom fulfillment location routing

Functions execute in under 5ms and run on Shopify's servers, ensuring they work regardless of the storefront technology (Liquid, Hydrogen, or third-party).

The App Review Process

Public apps must pass Shopify's review before listing on the App Store. The review evaluates:

Technical requirements:

• App must use the latest versions of Shopify APIs
• Proper OAuth implementation with correct scopes
• HTTPS for all endpoints
• Mandatory webhook handlers for GDPR compliance
• Error handling and graceful degradation

User experience requirements:

• Use Polaris components for admin UI
• Provide clear onboarding and setup instructions
• Include a help/support link within the app
• Responsive design for all admin screen sizes

Business requirements:

• Clear and accurate App Store listing
• Transparent pricing and billing
• Privacy policy and terms of service
• Support channel with reasonable response times

Common rejection reasons:

1. Requesting unnecessary API permission scopes
2. Missing GDPR webhook handlers
3. Poor UI that does not follow Polaris guidelines
4. Inadequate error handling
5. Broken functionality during review

The review process typically takes 7-14 business days. Address feedback promptly -- Shopify provides specific guidance on required changes.

Monetization Strategies

Shopify supports several billing models through the Billing API:

| Model | Best For | Example | |-------|----------|---------| | Monthly subscription | Core app features | $9.99/month for basic, $29.99/month for pro | | Annual subscription | Committed customers | $99/year (discount over monthly) | | Usage-based billing | Variable consumption | $0.01 per API call or email sent | | One-time charge | Lifetime access | $49.99 one-time purchase | | Freemium | User acquisition | Free tier with paid upgrades |

Pricing tips:

• Shopify takes a 15% revenue share on the first $1M in revenue, then 0% (as of their current partner program terms)
• Offer a free trial (7-14 days is standard)
• Create clear value differentiation between pricing tiers
• Consider usage-based pricing for apps with variable resource consumption

Testing and Quality Assurance

Before submitting your app for review:

1. Unit tests -- Test core business logic in isolation
2. Integration tests -- Test API interactions with Shopify's development store
3. UI tests -- Verify Polaris components render correctly
4. Webhook tests -- Validate webhook processing with test payloads
5. Performance tests -- Ensure API calls stay within rate limits under load
6. Security audit -- Check for XSS, CSRF, and injection vulnerabilities
7. OAuth flow test -- Verify installation, authentication, and uninstallation

Use Shopify's partner dashboard to simulate different store configurations and plan types.

Professional App Development

Building a Shopify app requires expertise in React, GraphQL, Node.js, and Shopify's specific platform patterns. ECOSIRE provides professional Shopify app development services for businesses that need custom functionality beyond what existing apps offer.

Whether you need a custom app for your own store or want to build a public app for the Shopify ecosystem, our development team handles architecture, development, testing, and App Store submission. We also offer automation solutions that integrate with Shopify's APIs and webhooks.

Contact our team to discuss your Shopify app development project.

Key Takeaways

• Shopify offers three app types: public (App Store), custom (single store), and draft (development)
• The GraphQL Admin API is recommended over REST for new development
• Webhooks enable real-time event processing without polling
• Shopify Functions run custom business logic on Shopify's infrastructure via WebAssembly
• App Bridge and Polaris ensure your app integrates seamlessly with the Shopify admin
• The app review process takes 7-14 days and evaluates technical quality, UX, and business requirements
• Monetize through subscriptions, usage-based billing, or one-time charges via the Billing API