Link

Certify your app

Before you submit your app for certification, you must test the integration for any bugs or errors. Once you submit the following app certification request, we contact you to schedule a short certification call (usually 1-3 hours) to run through some simple scenarios and verify that everything works as expected.

In this call, we use screen sharing to review your app’s integration in your apaleo developer account and your app for all the integrated use cases.

Submit your app certification request

How long does it take for my app to be certified?

We start the certification process as soon as we get your app certification request. We want your app to get through the approval process quickly and without any obstacles.

Prerequisites for a certification call:

  • Complete the app certification request form.
  • Your app uses OAuth 2.0 for authentication.

  • Your app only specifies the scopes that it requires to work and does not ask for unnecessary permissions.
  • Your app can appropriately handle issues like 404s.
  • Your app still works after 3600 seconds (lifetime of the access_token).
  • Instead of polling, consider using webhooks. This way, you won’t hit the rate limit.

Certification call

In the certification call, we verify the following things:

Verification Description
OAuth 2.0 We’ll check how you have implemented OAuth 2.0. The redirect URI used in your implementation of the OAuth 2.0 flow must match the redirect URI you provided when you registered the app.
App details The app works as described in the app listing. After integration, the setup and onboarding flow continue smoothly in your app. The average user can set up and use the app without assistance.
App integration Your app should be able to go through the following integration flow. The user opens the apaleo Store, sees your app and wants to use it. One-click on the Connect to PMS button will open the landing page to allow the user to register for your app.

Your landing page should handle the following scenarios:
- The user doesn’t have an account on your app and will need to become registered.
- The user has an account at your end, but the user is not logged into it.
- The user is logged in to your app.

On connecting with apaleo, OAuth confirmation should pop-up with scopes and a button to “Authorize” the app.
Use cases / API calls You should be able to showcase all the API calls that you’re making to apaleo API.
For example, if you are posting a charge or payment to a folio, you should get the correct folio from apaleo and post the relevant charge or payment to apaleo using the right API endpoints (the exact endpoint including the version and verbs). The data should be updated both in apaleo and your app.
Scopes We’ll verify that your app only requests the scopes that are an absolute must for your use-case.

What’s next?

  • We’ll send you a detailed certification email indicating the outcome of the certification process.
  • Your app will be ready to be published and listed on the apaleo Store if it clears the certification process.
  • If your app does not clear the certification process, we’ll provide detailed feedback on what needs to be fixed. Once those fixes are made, we can have another short certification call to go over the fixes. If they are satisfactory, your app will be ready to be published and listed on the apaleo Store.
  • Post-certification, any significant changes to use cases, and scopes should be relayed to apaleo to assist you with recertifying your app.