I’m trying to build a non-embedded Shopify app for my own web application (external SaaS), similar to apps like Georgia or Hive, where:
The app runs outside of the Shopify Admin
Merchants install it via Shopify OAuth
After installation, users are redirected to my own web app, not an embedded iframe
The problem I’m running into is that most of the official Shopify documentation seems to assume embedded apps by default (App Bridge, embedded UI, admin iframe, etc.), and I’m getting more confused the more I read.
What I don’t clearly understand:
Where is the official documentation specifically for non-embedded apps?
Is a non-embedded app still created the same way in the Partner Dashboard, just with embedded = false?
What is the recommended OAuth flow for a non-embedded app in 2026?
After OAuth, is redirecting merchants to my own dashboard domain the correct approach?
Are there any reference implementations or examples for modern non-embedded Shopify apps?
Right now it feels like the docs talk around this use case but never explain it clearly end-to-end.
If anyone has built a non-embedded app recently or can point me to the right docs or mental model, I’d really appreciate it.
Yes, in general Shopify is moving toward embedded apps as the new default. There are many incentives for you as an app developer to publish an embedded app.
However, if you have some kind of restriction for taking this approach, you still can.
You’ll have to:
Disable embedded in your shopify.app.toml
Implement your own OAuth handshake with Shopify
Issue your own session tokens for authenticated merchants after OAuth
Don’t expect too many up to date references on this, you’ll just have to learn about OAuth and choosing and implementing your own session token management.
Hi @Dylan, just doing some research for my own scenario and it is very similar to Amins.
• We use Auth0 as our authentication provider.
• After the Shopify OAuth flow completes, we validate the Shopify HMAC ourselves.
• Once the request is verified, we create and manage the merchant session using Auth0 tokens.
I am expecting we’ll be ready for our app store submission by the end of the month. Hoping there has been no change in these requirements and we don’t have to significantly change our app which would set us back.
