Building Salesive Apps
A Salesive App is a third-party integration that a merchant installs on their store. Your app runs on your own infrastructure and talks to the Salesive API on the merchant’s behalf — reading and writing orders, products, customers and more — using permissions the merchant explicitly grants during install. Apps use OAuth 2.1 with PKCE, so merchants never share their password or API keys with you. Instead, they approve a consent screen that lists exactly what your app can access, and Salesive issues your app a token scoped to that one store.Apps are different from Themes (your storefront’s look) and Integrations (pre-built
pixel/analytics connectors). An App is your own product, published to the Salesive Apps
marketplace, that any merchant can discover and install.
What you can build
OAuth, not credentials
Merchants grant access through a consent screen. Your app receives a scoped, revocable
token — never the merchant’s login.
Per-store install
Each install binds your app to one store. The token can only ever touch that store’s data.
Work with store data
Read and write orders, products, customers, categories, shipping, discounts and blogs —
gated by the scopes you request.
Publish to the marketplace
Submit your app for review and list it so merchants can find and install it from their
dashboard.
How apps work
Register your app
Create an app in the Salesive dashboard’s Developer console (Apps → Developer). You
receive a
client_id and a client_secret, and you declare your redirect URIs and the
scopes (permissions) your app needs.A merchant installs it
From the Apps marketplace, the merchant launches your install URL. They’re taken to a
Salesive consent screen that shows the permissions you requested and the store they’re
installing on, and they approve.
Salesive issues a token
Your server exchanges the returned authorization code (plus your PKCE verifier and client
secret) for an access token and refresh token, bound to that store and those scopes.
Key concepts
| Concept | What it is |
|---|---|
| App | Your OAuth client + marketplace listing. Identified by a client_id (prefixed app_). |
| Installation | The record of your app installed on one store, with the scopes the merchant granted. It is the source of truth — when a merchant uninstalls, all of the app’s tokens stop working immediately. |
| Scope | A granular permission (e.g. READ_ORDERS, WRITE_INVENTORY) the merchant approves at install. See Scopes & permissions. |
| Access token | A short-lived bearer token (prefixed app_) used to call the API. Refreshed with a long-lived refresh token. |
Before you start
You’ll need a Salesive account to access the Developer console (Apps → Developer in your
store dashboard), and a server that can hold your
client_secret and complete the OAuth
token exchange. Apps are headless — Salesive does not host your app’s UI.Next steps
Install flow (OAuth + PKCE)
Implement the end-to-end authorization and token exchange.
Scopes & permissions
See every scope your app can request and how enforcement works.
Build & publish
Register your app, list it, and submit it for review.