Our new app was finally reviewed and was rejected with this text:
Shopify can't guarantee the safety or security of an order that has been placed through an offsite or third party checkout.
Apps that bypass checkout or payment processing, or register any transactions through the Shopify API in connection with such activity, are prohibited.
We have confirmed that your app is bypassing the Shopify checkout, as an order was created in the Shopify admin when the gift was claimed, without going through the Shopify checkout.
Refer to this screencast for your reference.
This is considered bypassing the checkout process as upon checking the payment was processed by your app.
What we do:
- Merchant creates a campaign and send gifts to users - he fills list of users and products
- User fills the address, contact data and sends the form
- We create draft order, and immediately mark the order as paid
Everything is working with the official Shopify GraphQL API.
I don’t understand how we bypass checkout in cases when we don’t need to collect payment information from user. What am I missing?