Developer Guidelines
Quality standards and review expectations
Overview
All extensions are reviewed before publication. Submissions run through automated pre-review checks plus human review.
Required Fields
Before you can submit:
- Extension name, short description, full description, category
- Icon image
- At least 2 screenshots
- Version (semver)
- Minimum Angage ERP version
- For paid extensions: at least one pricing plan configured
- If your extension declares API endpoints or webhooks: OAuth
client_idandclient_secret
URL Requirements
All declared URLs MUST use HTTPS. The pre-review check inspects:
manifest_urlapi_endpointwebhook_urliframe_base_urlredirect_urisupport_urldocumentation_urlprivacy_policy_urlterms_url
Any non-HTTPS URL is a blocking failure.
Manifest Validation
If your extension has a manifest_url, the manifest must
validate against the marketplace schema. See
/docs/manifest
for the full schema.
Compliance Webhooks
Every extension MUST declare the following webhooks:
tenant.data_request— export tenant data on requesttenant.data_redact— delete tenant data on request
Failing to declare these blocks submission approval.
Scope Justification
If your extension requests 5 or more OAuth scopes but declares fewer than 2 capabilities (hooks + UI extensions + webhooks combined), the automated scope justification check will issue a warning. Review will require you to justify the scope set.
Endpoint Performance
Your manifest URL must respond within 3 seconds. Response times over 3 seconds trigger a warning. Responses over 10 seconds cause health check failure.
Review Timeline
- Pre-review checks run asynchronously (usually within minutes)
- Admins review within 5 business days
- If rejected, you can revise and resubmit via the developer portal
- Once approved and published, your extension is live for tenants to install
Post-Publish Expectations
Published extensions remain subject to:
- Ongoing compliance checks
- User reviews and ratings
- Suspension if security or compliance issues arise