After receiving your app submission, Envoy will follow up with you to kick off the app review process. The app review process involves 4 steps and is typically completed in 5-10 business days after submission.
For your app to be successful, it should offer a consistent and positive experience for the workplaces that use it.
To ensure that every app experience is delightful each submitted app is required to complete the following:
- A 30-60 minute call to demo your app - During the call, you will review your app install flow, onboarding, error scenarios, and user flows.
- A technical assessment for your app - During the call, your application code and architecture will be reviewed by Envoy. When your submission passes your app will move to the next phase, listing review.
- Testing by our app certification team - You'll provide our team a sandbox account to test your app install flow.
- When a user clicks install from your app's listing, your app must immediately authenticate using OAuth before any other steps occur.
- Your app must use the setup steps in the integration builder to guide the user through all necessary steps to install the integration.
- All of your app settings and necessary configuration to operate the integration must be built into the integration. The user cannot be required to go to a separate application to manage or configure the app.
- Your app must make use of Envoy's APIs and or webhooks.
- Your app must be a stable, finished product when you submit it. It shouldn't be in beta or an otherwise unfinished state.
- Your app cannot be in a broken state or have bugs
- If your app fails or has an issue it must display the error to the user (admin, visitors, or employees). The error message should be actionable to help the user navigate to the next step.
- Your app should improve or extend a feature of an existing Envoy product or platform.
- Your app should use job attachments for logging key information in the Envoy Dashboard for administrators to review.
- Your app must store salted password hashes instead of actual passwords, as described on OWASP.
- Your app must be protected against cross-site request forgery attacks, cross-site scripting attacks, and other security vulnerabilities.
- Your app must be served over HTTPS using a valid SSL certificate.
- If using webhooks your app must validate the signature of the webhooks.
- Your app should only request and have access to scopes that are necessary for it to function.
- Your app must never request that a user generate and provide a private API key
The app listing helps admins find your app and understand how it can help them run their workplaces. Your listing explains the features, user interface, and functionality of your app. Your listing should clearly communicate functionality and pricing so that admins can quickly understand the benefits of your app.
- Your app should clearly communicate the app's functionality and the key benefits of Envoy.
- Any marketing materials referencing Envoy must adhere to Envoy’s brand and marketing guidelines.
- You have adequate resources to support the customers who are using the app. This includes dedicated support via email and phone contacts that are provided.
- Your app contains an installation and or user guide that is publicly available.
- There is a clear way for the customer to contact your technical support team if there is a technical issue or question.
- Your app is free to install. There should be no fees for downloading, installing, or using the app itself unless previously written and agreed upon.
- If your app requires a service account to use a a pricing page with information about that fee should be provided
Once your integration is approved and published we'll introduce you to one of our partnership managers that will help you meet your goals.