Hey @plc,
The embedded app checks are triggered by telemetry from actual app usage in the admin, not just by having the code present. The system needs to observe App Bridge activity and session token events being emitted from your app, so a few things to verify here.
First, make sure your app is deployed to production (your live app URL), not just running locally. If you’ve made any config changes since your last release, you’ll need to run shopify app deploy to push a new version. The checks can’t pick up anything from a local dev server.
Second, “using session tokens” doesn’t just mean having App Bridge loaded. Your backend routes also need to be validating session tokens on authenticated requests. You can verify this by opening your app on a dev store in an incognito window, opening the browser’s Network tab, and triggering any action that calls your backend. You should see an Authorization: Bearer <token> header on those requests. If that header is missing, the session token implementation isn’t complete.
For the App Bridge side, make sure you have the CDN script tag in your <head> with the shopify-api-key meta tag loading before it:
<head>
<meta name="shopify-api-key" content="YOUR_API_KEY" />
<script src="https://cdn.shopify.com/shopifycloud/app-bridge.js"></script>
</head>
If you’re using one of the official Shopify app templates (Remix, React Router, etc.), this is handled automatically and you shouldn’t need to change anything there.
Once you’ve confirmed both sides are working, use the app on a dev store in incognito (browser extensions can interfere with the telemetry), and then give it some time. The checks run every 2 hours, but there can be up to a 2-day lag before the telemetry is fully processed. A similar issue was discussed here if you want to see how other developers resolved it.
Hope this helps!