Issue with Session Token Authentication During Shopify App Review (Remix + Shopify App Bridge)

We’re experiencing a session token authentication issue during the Shopify app review process, and we’re hoping someone might have encountered something similar.

📌 Context: We built a custom Shopify app using Remix as our framework.

For authentication and connecting to the Shopify admin, we’re using Shopify App Bridge and handling session storage on our backend (sessions are being saved correctly in our database).

Everything works as expected during development and when tested with real stores — users can authenticate, sessions persist, and the app behaves normally.

❌ Problem: However, during the Shopify app review, we receive an error related to session token authentication. Shopify indicates that session tokens are not being properly authenticated.

✅ What We’ve Verified: Sessions are successfully stored in the DB.

The app loads and functions correctly for users (outside of the review).

We’ve implemented the App Bridge authenticatedFetch correctly to call our backend APIs.

❓ Question: Has anyone else encountered session token authentication issues specifically during the app review process even though everything works correctly otherwise?

Are there any known differences in how Shopify’s review environment handles authentication that we should be aware of, or specific best practices to follow for App Bridge and session token validation during review?

Any insights or suggestions would be appreciated!

Hey @Santosh_Shetty 👋

We can definitely take a look at this for you - it does seem odd that the issue is only seemingly happening during the app review process. Could you share the following just so that we can dig a little deeper into this?

  1. The specific error message you’re receiving during the review process
  2. Any timestamps or X-Request-IDs from the API response headers where you’re seeing the error (and the shop ID if you have it!)
  3. A sample of your authentication flow code if possible (with sensitive info removed)

Happy to look into this for you - hope to speak with you soon here.
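
As background for the session token validation discussed in this thread, an added example (not part of the thread, and not the poster's or Shopify's code): a minimal Node.js check of an App Bridge session token on the backend. It assumes the token is an HS256 JWT signed with the app's client secret and carrying `exp`, `nbf`, `aud`, `iss`, `dest` and `sub` claims; the key, secret, shop domain and the `signForTest` helper are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Verify a session token sent as "Authorization: Bearer <token>".
// Assumed format: HS256 JWT signed with the app's client secret.
function verifySessionToken(token, { apiKey, apiSecret, now = Math.floor(Date.now() / 1000), skew = 5 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch (e) {
    throw new Error('malformed token');
  }
  // Pin the algorithm instead of letting the token header choose it.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', apiSecret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Time window: tokens are short-lived, so allow only a few seconds of clock skew.
  if (typeof payload.exp !== 'number' || payload.exp + skew < now) throw new Error('expired');
  if (typeof payload.nbf === 'number' && payload.nbf - skew > now) throw new Error('not yet valid');
  // Audience must be this app's client ID (API key).
  if (payload.aud !== apiKey) throw new Error('wrong audience');
  // Issuer and destination must name the same shop.
  let issHost, destHost;
  try {
    issHost = new URL(payload.iss).hostname;
    destHost = new URL(payload.dest).hostname;
  } catch (e) {
    throw new Error('bad iss/dest');
  }
  if (issHost !== destHost) throw new Error('iss/dest mismatch');
  return { shop: destHost, userId: payload.sub };
}

// Constructed helper: signs a sample token so the check can run offline.
function signForTest(payload, secret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const body = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}`;
  return `${body}.${crypto.createHmac('sha256', secret).update(body).digest('base64url')}`;
}

// Constructed sample values (not real credentials or a real shop).
const SAMPLE = { apiKey: 'example-client-id', apiSecret: 'example-client-secret', now: 1700000000 };
const sampleClaims = { iss: 'https://example-shop.myshopify.com/admin', dest: 'https://example-shop.myshopify.com',
  aud: SAMPLE.apiKey, sub: '42', nbf: SAMPLE.now - 1, exp: SAMPLE.now + 60 };
console.log(verifySessionToken(signForTest(sampleClaims, SAMPLE.apiSecret), SAMPLE));
```

Each rejection throws a distinct reason, so logging it server-side shows which check failed when a request is refused in only one environment.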