Skip to main content

App Requirements

If you want to build your App from scratch, you should know that to make it installable in the Dashboard, the App requires implementation of the following endpoint:

  • Manifest URL - to get your app's metadata.
  • Register URL - to exchange the app token. Only required when tokenTargetUrl is set in the manifest.
info

We recommend using Saleor App Template as a starting point for building your App. It provides all the necessary boilerplate needed to focus on your app's logic.

Manifest URL​

  • Method: GET
  • Response - JSON with a valid App Manifest
  • Suggested path: /api/manifest

Saleor will call this endpoint to get your App metadata. It returns the App's name and description, as well as all the necessary information to register webhooks, permissions, and extensions.

Dashboard and Saleor API will use this endpoint to retrieve information needed to install the App.

To learn more about what Manifest consists of, please check the Manifest docs or explore its type.

If your App is built with Next.js, you can use a helper from @saleor/app-sdk that creates a Manifest handler with minimal config.

Register URL​

  • Method: POST
  • Response - status 200
  • Suggested path - /api/register
info

This endpoint is only required when app needs an access token. If your app doesn't need to consume the Saleor protected API (e.g., a static app that only serves an iframe in the Dashboard), you can omit tokenTargetUrl from the manifest and skip implementing this endpoint.

During the installation of an App, Saleor will call this endpoint if tokenTargetUrl is provided in the manifest.

When calling the "register" endpoint, Saleor will add the auth_token param to the request body and domain header. The App's job is to save the token and use it to run API calls.

While we suggest /api/register path, it can be configured in Manifest with the tokenTargetUrl field.

You can write this endpoint on your own, but we recommend using a helper provided by @saleor/app-sdk.

To use this helper, you must provide a valid Auth Persistence Layer - APL, that will handle storing token and domain pairs for your App.