Hi team,
Both automated “Embedded app checks” are stuck pending and are blocking submission.
Every other preliminary step is green.
Stuck checks:
- Using the latest App Bridge script loaded from Shopify’s CDN
- Using session tokens for user authentication
App details:
- App name: Cash Trail
- Partner ID: 5035817
- App ID: 394949197825
- Client ID: f0f725fb3c464428843490f9c3d13778
- Hosting: Railway — https://cash-trail-production.up.railway.app
- Stack: Remix, @shopify/shopify-app-remix 4.2.1, @shopify/app-bridge-react 4.2.11
- Dev store: cashtrail-demo-pk.myshopify.com
IMPORTANT CONTEXT — this app genuinely had no qualifying signal until 12 July, and now it does.
Until 12 July this app had never completed a single successful Admin API call.
Root cause: it is a public app created after 2026-04-01, so expiring offline access
tokens are required, but @shopify/shopify-app-remix defaults
future.expiringOfflineAccessTokens to false. Token exchange therefore minted
non-expiring tokens and every Admin API call was rejected with an empty 403.
My Dev Dashboard > Logs page showed ZERO requests from the dev store, and API health
showed “Deprecated offline token use detected”.
Fixed on 12 July:
- future.expiringOfflineAccessTokens: true (alongside unstable_newEmbeddedAuthStrategy: true)
- purged all non-expiring session rows from session storage
- reinstalled on the dev store
Verified working since the fix:
- App Bridge: https://cdn.shopify.com/shopifycloud/app-bridge.js loads with HTTP 200 as
the first script in the server-rendered , with data-api-key. Confirmed in DevTools
Network, Referer = the app URL. - Auth: token exchange only. The session record now stores expires and a refreshToken,
and expires rotates on refresh (observed 1783858929 → 1783893653). - Admin API: Dev Dashboard > Logs now shows “GraphQL request / admin / OK” entries for
cashtrail-demo-pk. Before the fix there were none at all. API health now reports no
deprecated API calls. - The app is opened only from Admin > Apps > Cash Trail, never a direct or tunnel URL.
- The deployed Client ID matches the Partner Dashboard exactly.
- I have interacted repeatedly since the fix: file upload, POST actions, settings save,
billing/plan flow, multiple page navigations — all issuing authenticated Admin API requests.
Where I am stuck:
It has now been 24+ hours and roughly a dozen 2-hour check cycles since the fix, with
confirmed OK Admin API traffic under this App ID in your own logs, and both checks are
still pending.
My question: is the checker possibly still evaluating pre-12-July data, or holding a
cached “no signal” state from the period when this app legitimately had zero successful
API calls? If so, can the check be re-run, or manually verified?
Happy to provide a HAR export or a short screen recording of the embedded load showing
the app-bridge.js CDN fetch and the Authorization: Bearer <session_token> request.
One more data point: I am on Railway, and I have seen at least one other stuck report
from a Railway-hosted app with the same *-production.up.railway.app URL pattern. It may
be worth checking whether that edge is a common factor.
Thanks.