HomeGuidesAPI Reference
ChangelogHelp CenterCommunityContact Us
Guides

Pass your app review

Learn best practices and common pitfalls to cut down review time and boost your app’s chances of approval.

Before you begin

Before you begin, confirm that your app meets Klaviyo’s app listing requirements to ensure that your submission process goes as smoothly as possible.

You will learn

This article highlights OAuth app best practices and common reasons an app fails review, helping you prepare your app for approval before submitting it to Klaviyo's integration directory. You'll learn best practices for:

You’ll also learn how to identify and avoid common app review errors, such as OAuth installation flow errors, unclear testing instructions, unused scopes, and more.

OAuth app best practices

Apply the best practices detailed below to ensure that your OAuth app is performant and offers a user experience that satisfies Klaviyo’s app listing requirements.

Seeding profiles and events

If your app creates events or sets custom profile properties for use in flows, segments, etc. we recommend creating an example profile(s) with the properties set by your integration along with events for each of the core metrics upon installation. This enables customers to get started with your integration immediately after installation. Otherwise, they will need to wait until these properties and events propagate through naturally, which prolongs the onboarding time.

📘

App metric branding is available to all apps using OAuth. Learn how to set up branding for your app’s metrics.

Naming lists and profile properties

It’s best practice to give lists and profile properties set by your integration names that clearly identify your integration. We recommend using your app’s name or prefix, followed by a space and then the list/profile property. For example, an app named PetParty might have list properties named “PetParty Invitees” and “PetParty Attendees.”

List and profile properties should follow the same format, i.e., if an app's full name is used to describe a list property, all list and profile properties should also be described with the full name. Following a consistent naming approach will allow for your app’s properties to be easily grouped and identified in Klaviyo.

Syncing data efficiently

Respect rate limits

Your app needs to respect API rate limits to avoid unnecessary load in accordance with our API Terms of Use. Rate limits are listed in each endpoint’s API reference documentation.

Use bulk endpoints

Use our Bulk Profile Import API and Bulk Create Events API to create multiple profiles and events at a time. The Bulk Profile Import API will update matching profiles if they already exist or create them if no matching profiles are found. If you are looking to create or update a single profile, use the Create or Update Profile endpoint.

Defining event schema

It's important that you avoid making breaking changes to event payloads, as customers are relying on the payload shape to be a certain way in Klaviyo. Keep your event payloads tight and only send over data that is helpful for customers to use in Klaviyo, for example, fields that can be used in segments, flows, or message templates. Note that segmentation is only supported on top-level properties.

Common reasons an app fails review

Apps often require updates before they can be approved and published in Klaviyo’s integration directory. We’ve outlined the reasons for such updates below so that you can avoid delays in your app’s approval. Before you submit your app, make sure your app doesn’t meet any of the common reasons an app fails review.

CategoryReasonSolution
Installation flow
  • The installation URL redirects to the app’s website or integration page instead of to the OAuth flow directly.
  • The install URL leads to a web error.
  • Make sure that the installation URL kicks off the OAuth flow directly.
  • Your OAuth flow handles redirects correctly, i.e., the code challenge and state parameters are updated per user.
Scopes
  • The scopes requested upon installation do not match the scopes provided in the app’s installation instructions.
  • The app requests access to all scopes.
  • The app does not account for the case in which a user denies permission to use requested scopes.
  • Review your scopes and ensure that you are only requesting required scopes that match your app’s use cases.
  • Use the narrowest scopes possible.
  • Make sure that it is clear to the user whether or not they’ve denied access to requested scopes and that they can return to approve permissions at any time.
Testing instructions
  • The document linked for testing instructions is inaccessible to our review team.
  • The scopes listed do not match the scopes defined in the app submission.
  • Your app’s use cases are unclear.
  • Share “Commenter Access” with [email protected]
  • Ensure that you have detailed clear use cases for each scope your app requests.
  • Include the specific endpoints your app calls along with the scope needed.
Uninstallation flow
  • There is not an option from within the app to uninstall or disconnect.
  • It is unclear that there is a way to disconnect, i.e., the disconnect button is difficult to locate.
  • The app informs users to direct to Klaviyo’s integration dashboard to disconnect.
  • When the app is disconnected from the app’s side, it is still enabled in Klaviyo.
  • Implement the ability to disconnect your integration from within your app.
  • Make sure that it is clear to users that there is a way to disconnect from within the app.
  • Make sure that disconnecting your app from your app’s side or Klaviyo’s side disconnects your app on both ends.
  • Make sure that your app handles revoking any refresh and/or access tokens you have for the user.
OtherThe app failed to remove and/or deprecate the API key connection when transitioning to OAuth.Make sure that your app no longer supports any API key-based connections.

Next steps

Now that your app meets Klaviyo’s app listing requirements and follows best practices, you can submit your app for review.

Additional resources