Has anyone passed App Review with a COD storefront form using Draft Orders?

Hi everyone,

I’m building a public Shopify App Store app for Bulgarian merchants and I’m trying to understand how App Review currently treats COD/manual-payment quick order flows.

The app would have two flows:

  1. Card/online payment:
    Customer is always redirected to Shopify Checkout. The app does not collect or process card/payment details.

  2. COD/manual payment:
    Customer fills a storefront COD quick order form with name, phone, delivery address or courier pickup point. The app then creates a Shopify Draft Order using the GraphQL Admin API and completes it into a Shopify Order with manual/Cash on Delivery payment status. The order appears in Shopify Orders and the merchant fulfills it normally.

The app does not modify Shopify’s hosted checkout pages and does not process payments outside Shopify.

Question:
Has anyone successfully passed Shopify App Review with a public app that creates COD/manual-payment orders from a storefront form using Draft Orders or orderCreate?

Or is App Review currently treating this as checkout bypass because customer/order information is collected outside Shopify Checkout?

I understand only App Review can make the final decision, but I’m looking for real experiences from developers who submitted similar apps recently.

Hey @Gabriel_Pandov your flow with the COD will not pass since it is completing draft orders. The best path for COD orders would be for the merchants to configure manual payment methods for their checkout.

In addition to that, you could also explore payment functions for showing manual payment options (like COD) when needed.

I think this app may have done what you want:

@KyleG-Shopify This 1-click COD Form public app got the approval on
June 1, 2026. If this app is compliant then why not other new apps? If there is any specific architecture, please guide us through. Thanks.

Thanks for sharing that @RedFox_Digital. I can’t speak to specific apps as I don’t know the specific architecture being used. If it is using API’s that are not permitted then that will be flagged during app quality checks. The best long term solution is to build based on the current guidelines.