Shopify App Store

What it is: Vertical SaaS marketplace for apps that integrate with Shopify merchants. Curated, reviewed, with a built-in Billing API for monetization. ~13,000+ apps. Status: Mature and growing. Highly profitable for both Shopify and successful app developers. Most relevant to Locara: Best-in-class example of a vertical SaaS marketplace with built-in monetization. Demonstrates how to structure a healthy two-sided market when the platform has genuine integration value.

Background

Shopify opened its App Store in 2009 to extend the core platform. Apps integrate via OAuth + Admin API + Storefront API + webhooks. Shopify reviews apps before listing, sets quality and security requirements, and provides a Billing API that handles subscription/usage billing on the merchant’s behalf. Shopify takes a revenue cut (currently 0% for first $1M in app revenue, then 15%).

This is the most thoughtful vertical-SaaS app store and worth deep study for the marketplace mechanics.

Key design decisions

• Three distribution paths:
  • Public: listed in App Store, requires approval, can use Billing API.
  • Custom: single-store / Plus-org installs, no approval, but cannot use Billing API.
  • Shopify Admin: single-store, very limited.
• OAuth + scoped API access. Apps request specific scopes (read_products, write_orders, etc.) — merchant grants explicitly.
• Mandatory Billing API for paid apps in App Store. Shopify processes the subscription, charges the merchant on their Shopify bill, hands developers their share.
• Revenue share: 0% on first $1M annually, 15% above. Aggressive in developer’s favor at small scale.
• App review with detailed feedback. Quality bar covers performance, accessibility, security, UX consistency.
• Webhooks for events — apps subscribe to order/create, customer/update, etc.
• Embedded apps via App Bridge — apps render inside Shopify admin, look like part of Shopify.
• App Store reviews + ratings. Public, weighted into rankings.
• Theme apps and theme store as parallel marketplace.

What worked

• 0% revenue cut up to $1M is brilliant. Massive incentive to build. App developers get rich on Shopify before Shopify gets a cent.
• Built-in billing eliminates a massive pain point. Developers don’t need Stripe + tax compliance + subscription management.
• Embedded UX (App Bridge) makes third-party apps feel native. Crucial for trust.
• Scoped OAuth permissions with merchant approval = good capability model.
• Real review quality bar. Garbage apps don’t make it in; merchants trust the catalog.
• Reviews + ratings actually work — merchants leave detailed feedback, often technical.
• Thriving developer economy — many small businesses built entirely on top of Shopify apps.

What failed / criticisms

• Approval timelines variable — some apps wait weeks.
• Shopify ships competing first-party features that occasionally cannibalize popular apps. Long-running tension.
• Billing API rigid — hard to do unusual pricing models, free trials are restricted.
• Custom Distribution can’t use Billing API — odd asymmetry that complicates internal/agency app deployment.
• Review process can be opaque for ambiguous rejections.
• App update review friction is significant — non-trivial changes require re-review.
• Discovery skews toward incumbents — top apps get more installs, more reviews, even better ranking.

Specific learnings for Locara

1. 0% take below a threshold is a powerful adoption tool. If Locara ever takes a cut, mirror Shopify: 0% under $X/year, 10–15% above. Ratio rewards small builders.
2. Built-in billing for paid apps is hugely valuable but probably out of scope for v1 Locara. Direct devs to Stripe/Lemon Squeezy/MAS for now; build a thin Billing API in phase 4+ if it becomes a differentiator.
3. Scoped capability declarations + user approval at install is exactly the pattern. Locara’s manifest = Shopify’s OAuth scopes.
4. Embedded UX matters. Locara’s <Chat>/<DocDropzone>/etc. component library is the equivalent of App Bridge — makes apps feel like one consistent product.
5. Real review quality bar builds catalog trust. Even at 100 apps, having “all of these are good” is more valuable than 10,000 of varying quality. Be selective.
6. Reviews + ratings as a feature. Users can rate apps; reviews are public, weighted, and surface on app listings. Plan for this.
7. Asymmetric paths (public/custom/private) are useful for handling enterprise / internal use cases without polluting the public catalog. Worth modeling: a “private app” mode where a Locara app only installs from a specific signed manifest URL, never appears in the public registry.
8. Don’t compete with your developers. Shopify’s tension shipping first-party features that cannibalize apps is a recurring trust issue. Locara should commit publicly to which categories it will and won’t enter.
9. Plan for slow-but-real review. Auto-approve trivial cases (no capability changes, manifest unchanged); human-review meaningful changes. Set timeline expectations explicitly.

References

• https://shopify.dev/docs/apps/launch/distribution
• https://shopify.dev/docs/apps/billing
• https://shopify.dev/docs/apps/build/app-bridge
• Shopify Partner blog (revenue split announcements)