How to avoid bypassing Shopify checkout?

Our new app was finally reviewed and was rejected with this text:

Shopify can't guarantee the safety or security of an order that has been placed through an offsite or third party checkout. 
Apps that bypass checkout or payment processing, or register any transactions through the Shopify API in connection with such activity, are prohibited. 
We have confirmed that your app is bypassing the Shopify checkout, as an order was created in the Shopify admin when the gift was claimed, without going through the Shopify checkout. 
Refer to this screencast for your reference. 
This is considered bypassing the checkout process as upon checking the payment was processed by your app. 

What we do:

  1. Merchant creates a campaign and send gifts to users - he fills list of users and products
  2. User fills the address, contact data and sends the form
  3. We create draft order, and immediately mark the order as paid

Everything is working with the official Shopify GraphQL API.

I don’t understand how we bypass checkout in cases when we don’t need to collect payment information from user. What am I missing?

1 Like

Hey @irek.khasianov, just to confirm, these are gifts that the merchant is sending to customers, not orders that would need to be purchased in any way?

Can you share the reason that you’re creating draft orders as opposed to a mutation like orderCreate? Can you share some of those specific resources they linked to, to outline any policies?

The solution may be as simple as updating your app review notes to more clearly explain the functionality of your app and that it’s not enabling transactions in any way.

After consulting with our app review team, the issue looks to be the final step when you mark the order as paid, as that is creating an order outside of the checkout.

In this case, sending the customer the invoice to complete the checkout would be a better method.