Test RevWatch on a Shopify dev store
Before App Store submission, validate OAuth install on a development store.
1. Create a Shopify Partner app
- Go to partners.shopify.com → Apps → Create app
- Choose Public app (custom for now)
- Set App URL:
http://localhost:3001(dev) or your Cloud Run URL - Allowed redirection URL:
http://localhost:3001/api/shopify/callback - Scopes:
read_products,read_inventory,read_orders
2. Configure .env
SHOPIFY_API_KEY=your_client_id SHOPIFY_API_SECRET=your_client_secret APP_URL=http://localhost:3001
3. Connect from dashboard
- Run
npm run dev - Sign up / log in → Dashboard
- Enter
your-dev-store.myshopify.com→ Connect store - Approve OAuth on Shopify → redirected back with "Shopify connected"
4. What gets tested
- OAuth token exchange and secure storage
- Public + authenticated store scan
- Leak score, findings, and alerts on dashboard
5. App Store submission (when ready)
- Update
shopify.app.tomlwith production URLs - Deploy to HTTPS (Cloud Run / GCP)
- Run Shopify app review checklist (privacy policy, support email, listing copy)
- Submit via Partner Dashboard