How to avoid bypassing Shopify checkout?

Our new app was finally reviewed and was rejected with this text:

Shopify can't guarantee the safety or security of an order that has been placed through an offsite or third party checkout. 
Apps that bypass checkout or payment processing, or register any transactions through the Shopify API in connection with such activity, are prohibited. 
We have confirmed that your app is bypassing the Shopify checkout, as an order was created in the Shopify admin when the gift was claimed, without going through the Shopify checkout. 
Refer to this screencast for your reference. 
This is considered bypassing the checkout process as upon checking the payment was processed by your app. 

What we do:

  1. Merchant creates a campaign and sends gifts to users - he fills in a list of users and products
  2. User fills in the address, contact data and sends the form
  3. We create a draft order, and immediately mark the order as paid

Everything is working with the official Shopify GraphQL API.

I don’t understand how we bypass checkout in cases when we don’t need to collect payment information from user. What am I missing?


Hey @irek.khasianov, just to confirm, these are gifts that the merchant is sending to customers, not orders that would need to be purchased in any way?

Can you share the reason that you’re creating draft orders as opposed to a mutation like orderCreate? Can you share some of those specific resources they linked to, to outline any policies?

The solution may be as simple as updating your app review notes to more clearly explain the functionality of your app and that it’s not enabling transactions in any way.

After consulting with our app review team, the issue looks to be the final step when you mark the order as paid, as that is creating an order outside of the checkout.

In this case, sending the customer the invoice to complete the checkout would be a better method.

@Alan_G Hey Alan, I hope you could help in Kyle's absence please.

I have just received an email stating that my app has been rejected for the same reason as this thread above ‘Shopify can’t guarantee the safety or security of an order that has been placed through an offsite or third party checkout. Apps that bypass checkout or payment processing, or register any transactions through the Shopify API in connection with such activity, are prohibited. During testing, we noticed that although the products from the generated external link are for free, an order is still generated with a discount code applied in the Admin, which bypasses the Shopify checkout.’

However, the way that the app works is that merchants (Brands) choose products from their Shopify store that they would like to gift influencers. Then a custom form is created with a custom link. In this form influencers have to fill in their delivery address and a few basic details and choose the product they would like to receive.

  • Once the influencer completes the form, an order would be filled where the merchant can then verify the details before fulfilling

The products are sent out for free by the merchant, hence why there are no transactions being exchanged.

I really hope you can help resolve this please.

Hi @jathushan, thanks for reaching out!

Like Kyle mentioned, the recommended approach for creating unpaid orders via the API is to use the orderCreate mutation instead of draft orders. This mutation allows you to create orders directly through the API without going through the checkout process (or having other order information be taken externally within the context of a draft order, which should be acceptable when no payment is being collected).

Would you be able to share the exact GraphQL mutations you’re currently using to create these gift orders and your app’s flow? Once I have that from you, I’m definitely more than happy to see if we can determine why your app might be encountering the rejection issue here.

App Store listing approval is ultimately up to our App Review team so I can’t guarantee anything, however if your app isn’t bypassing Shopify’s checkout in any form (even as in the case above where a draft order is created but then marked as paid) I can reach out internally to see if we can offer some next steps. It’s possible that using orderCreate in an unintended way could influence their decision as well so I did want to mention that as a possibility.

Hope to hear from you soon - happy to look into this!

Hey Alan,

Thank you for your reply, really appreciate it.

I have just asked my developer and he told me that we are creating an order using the Admin API (not using GraphQL), and the order status is set to ‘paid’ when the order is created.

Is this the right way of doing this please, as there are 3 new apps on the Shopify App Store which have the same exact concept as mine, where an influencer gets to process an order through an external link using a form. All three apps have been approved and are live on the app store.

App names are: GiftForm ‑ Influencer Gifting, IGF ‑ Influencer Gift Form, Influencer Gift Form ‑ REVGift

Thank you

Hey @jathushan - no worries, I can’t guarantee an outcome on the forums here, but I’m going to send you a DM to gather some more info and I’ll get in touch with our team internally for you. Speak with you soon that way!