App review process and requirements for the Google Workspace Marketplace

To publish an app publicly to the Google Workspace Marketplace, Google reviews your app and its listing to make sure they meet Google's design, content, and style guidelines.

After Google reviews your app, you receive an email about whether it needs more work or if it's approved.

  • If your app requires additional work: You receive a review document with specific information about what needs improvement. Address the issues and resubmit your app for review.
  • If the review team approves your app: It's automatically published and you receive a notification email.

Before submitting your app for review, make sure that your app is ready to publish. For details, see Prepare for the publishing process.

Review duration

App review typically takes several days. The time it takes depends on:

  • How many apps were submitted recently
  • How much additional work your app needs

Common reasons an app doesn't pass review

OAuth verification:

  • Incorrect OAuth consent screen set up. For example, the user type is set to Internal or the publishing status is set to Testing.

  • The app didn't complete the OAuth verification.

App listing issues:

  • Inappropriate use of Google's trademarks in the app name, logo, or app descriptions. For guidance, visit the Google Workspace Marketplace branding guidelines.

  • Links don't work or point to the incorrect information. For example, a link for a privacy policy points to a developer support page.

  • Screenshots and images are of low quality, or don't accurately represent app capabilities.

App readiness:

  • The app is still being tested and not publicly ready.
  • The app has bugs or isn't fully functional.

Review criteria

Before you submit your app for review, make sure your app meets all requirements and complies with the Google Workspace Marketplace program policies.

Requirements for all apps

You can use the checkboxes to track your preliminary review.

Category Criteria
App name
  • There are no other app listings with the same name.
  • The name doesn't include a version number.
  • The name matches the name on the OAuth consent screen.
  • The name isn't vague or too generic.
  • The name is 50 characters or less.
  • (Recommended) The name uses title case.
  • (Recommended) The name doesn't have punctuation, especially parentheses.
Developer information
  • Developer name and developer website accurately represent and direct to relevant information about the developer.
  • Due to consumer protection laws, consumers based in the European Economic Area (EEA) must be informed whether a merchant on the Google Workspace Marketplace is a trader or a non-trader:
    • Trader—A trader is a person who acts for purposes relating to a trade, business, craft, or profession; or in the name of or on behalf of a trader.
    • Non-trader—A non-trader (consumer) is a person who acts for non-professional purposes.

    If unspecified, "Trader status unspecified" appears on your app's store listing page.

App description
  • All provided links work and point to the correct information. For example, a link for a privacy policy points to a page describing the privacy policy.
  • If the app interacts with a third-party service, the description describes what the third-party service does, how the app interacts with it, and optionally links to the relevant website.
  • The short and detailed descriptions are understandable.
  • The short and detailed descriptions aren't identical.
  • (Recommended) Pricing information is complete and accurate.
  • (Recommended) The full set of attributes per language (name, short description, and detailed description) are defined correctly without language mismatch.
Functionality
  • There are no obvious bugs and all actions, including edge cases, are fully functional. Loading times are managed with loading indicators.
  • The app demonstrates clear interactions with Google APIs.
  • The app provides a new or extended functionality that isn't equivalent to what's already included in Google products.
  • The app isn't meant for advertisement or spamming purposes.
  • The app is fully functional and not meant for testing purposes—it's not a work in progress.
  • If the app interacts with features that are available to users or paid users, a test account on the developer's system is provided for Google's review team.
User experience
  • The app, including its name, doesn't use Google brand assets, trademarks, or Google branded content. See Google Workspace Marketplace branding guidelines.
  • Authorization and sign-in are required only once. The app uses one-click SSO or ideally zero-click SSO.
  • After an administrator grants permissions for the OAuth 2.0 scopes for the domain, individual users aren't prompted for scope permissions again.
  • Users don't have to input credentials after signing in to their Google Account. At most, they have to click a "Sign in with Google" button to get access.
  • There are consistent, obvious, and understandable terms for button labels, menu items, titles, and other app elements. For example, instead of Yes or No, labels refer to action names like Delete and Cancel.
  • If sign-in is required, the sign-out functionality works properly. Tokens are revoked and sign-in can start from the beginning.
  • Feedback is always displayed, such as confirmation or error messages, for actions.
  • There are no broken image links or fuzzy images.
Graphics
  • Icons are sized correctly, square, and have transparent backgrounds. See Graphic assets.
  • The icon properly represents the app's name or functionality.
  • The icon is in color (not gray scaled).
  • The icon doesn't use Google's trademarks.
  • Screenshots and images are not blurry, hard to read, or inappropriate. They accurately represent the app.
  • (Recommended) Screenshots clearly show how to use the app and what it does.
OAuth
  • The app has passed OAuth verification, uses the narrowest OAuth scopes possible, and all scopes integrate correctly with Google Services APIs.

Additional requirements for specific app integrations

Select the app integrations included in your app listing to view the relevant review criteria. You can click the column names to sort the criteria, for example, by category.

You can use the checkboxes to track your preliminary review.

App integration Category Criteria
Google Chat app Name
  • The buttons to communicate with the app are available from the description.
  • The app name starts with A—Z (uppercase) or 0–9. It can't start with a symbol.
Google Chat app User experience
  • The app sends an unprompted welcome message every time a user starts a direct message or the app is added to a space. The welcome message is different from the "Help" command. For more information, see Build a homepage for a Google Chat app.
  • The app supports the "Help" command and helps users get started using the app. For more information, see Respond to slash commands.
  • The app always responds when spoken to in a space or direct Chat.
  • Messages use correct spelling, capitalization, punctuation, and grammar. Messages don't contain malicious, offensive, or abusive material.
  • Messages use clear, concise, and consistent formatting for text or cards according to the Google requirements.
  • If a response takes longer than 2 seconds, the app sends a message explaining the delay.
  • Apps that send notifications let users turn off the notifications.
  • Users can add the app to a space using @mentioning.
  • Users can remove the app from a space using the View member menu.
  • The app indicates to the user everything that's necessary to interact with it.
  • The cards format the app uses meets Google requirements. See Create interactive cards.
  • The app is available from the Find apps option in the Chat menu.
  • External URLs that the app interacts with don't belong to a staging or development environment.
  • The @mention is required in every message to the app in spaces. That's the only way that the app knows that it must respond.
  • If the Chat app previews links from a third-party domain:
    • Link previews offer relevant, supplemental information to the user's message. For example, previewing a link to a sales deal adds information like account, amount, and stage.
    • The developer is affiliated with the previewed domain.

    For more information, see Preview links.

  • (Recommended) To let Workspace administrators install your app on behalf of users in their organization, your app must be able to receive and send direct messages.
Google Chat app Graphics
  • The app has a recognizable and clear avatar.
Google Drive app Functionality
  • The app doesn't use Chrome browser extensions to provide functionality by manipulating the Drive HTML directly.
  • If your app uses sensitive or restricted scopes, it must undergo OAuth verification. See How do I submit for verification.
  • If your app uses restricted scopes, it must also go through a security assessment. See Why is the security assessment needed.
Google Drive app User experience
  • If the app stores files in Drive, it allows users to pick a folder or creates and reuses an app-specific folder. Configuration data can be stored in an App Data folder. The app doesn't dump files into the user's My Drive folder.
  • The app only stores files in Drive connected to the documented functionality of the app.
Editor add-on Functionality
  • Expected and required actions are included in the add-on, and it provides all the tools necessary to complete its workflow. For example:
    • If the add-on applies styling to the entire document, it offers the option to apply the styling only to selected text.
    • If the add-on uploads spreadsheet data to a web service feed, it has a link to that feed for easy navigation.
    • If the add-on requires the user to have an account, it provides links or info to easily create an account if the user doesn't already have one.
  • The add-on has menu items under the add-ons tab.
  • Even if the add-on is just custom functions, it still includes proper documentation.
  • The add-on correctly uses onInstall() and onOpen() to populate its menu. The menu items populate when the add-on is first installed and when a different file is opened. See Editor add-on authorization.
  • Authorization modes are set up correctly. See Authorization modes.
  • The add-on must be implemented in Apps Script's V8 runtime. For more information, see V8 runtime overview.
Editor add-on User experience
  • The add-on provides all the information necessary to have a basic understanding of the product and how to use it.
  • The add-on code doesn't use libraries excessively as libraries can cause the add-on to lose performance.
  • Errors are avoided if possible and managed properly, if not:
    • Error messages are displayed in a dialog window, not in a JavaScript alert or on the default red bar. They communicate the problem and describe what the user must do to fix it in simple language.
    • When possible, if the user is doing something wrong, a button is displayed that fixes the issue for them.
    • For more information, see the add-ons style guide.
  • Links to external pages open in new windows and are correct.
  • The add-on is intuitive and designed well. This means:
    • It's always clear what to do and how to do it.
    • The add-on is accessible and simple to understand. Technical terms and jargon are avoided.
    • Workflows are clear and facilitated as much as possible.
    • The user and their content are as safe as possible.
  • The add-on follows the UI style guide for editor add-ons and uses the CSS package for editor add-ons.
  • The add-on only uses one blue primary action per display.
  • The add-on displays one dialog at a time. It doesn't overlap or have multiple dialogs open at a time.
  • The add-on's UI fits neatly in allocated spaces:
    • Text and labels aren't cut off with "..."
    • The user doesn't have to do much vertical scrolling.
    • Content width doesn't extend beyond 300p so that it doesn't have a horizontal scrollbar.
  • The add-on requires confirmation or displays warnings for all sensitive actions. For example, if the add-on is about to overwrite all the content in a spreadsheet, the user is warned and confirms the action before it happens.

    You can avoid this requirement through design changes. For example, a Google Sheets add-on that imports data creates a risk of overwriting existing content. You can remove the risk by creating a sheet for the data as the default action.

  • Users can't trigger actions multiple times while an action is loading. For example, buttons are turned off or hidden while an action is loading.
Google Workspace add-on Name

Calendar add-ons

  • If the add-on uses calendar.name or common.name, the name in the manifest is identical to the name provided in the app listing.
  • If the add-on uses calendar.conferenceSolution, the conference solution name doesn't contain “Google Calendar.”
  • (Recommended) If the add-on uses calendar.conferenceSolution, the conference solution name doesn't exceed 30 characters.
Google Workspace add-on Functionality
  • The add-on uses the correct widgets (or iframed UI in Meet add-ons) for the desired functionality. For example, use a switch to select a boolean value.

Calendar add-ons

  • Secondary calendars and delegation are supported, or if not supported, managed gracefully. For example, conference creation doesn't fail if the user selects a different calendar they have edit access to when creating an event.
  • Recurring events work correctly.
  • If the add-on uses calendar.conferenceSolution, at least one conference solution is provided.
  • If the add-on provides conferencing solutions, appropriate conference data fields are used. For example, video conference links, phone numbers, SIP links, access codes, and other supported attributes use structured data fields and aren't provided in the notes field.
  • If the add-on provides conferencing solutions, it only edits conference details and no other event fields.
  • If the add-on provides conferencing solutions, the conference creation takes less than 5 seconds.

Gmail add-ons

If the add-on uses UrlFetchApp or OpenLinkUrl:

  • The URL is valid.
  • The URL uses HTTPS not HTTP.
  • The full domain is specified.
  • The path is not empty. For example, https://altostrat/ is OK, but https://altostrat isn't.
  • Wildcards can't be used in UrlFetchApp.

Meet add-ons

  • The add-on login and user journeys must be functional even if third-party cookies are disabled.
  • The add-on must provide functionality relevant to the operation of, or participation in, a meeting.
  • The add-on must not do anything that makes users leave the meeting, such as refreshing the browser.
  • If using multi-player experience, the add-on must allow for all participants to collaborate on content even if permissions are not set in advance. Permission adjustment must be available during the collaborative add-on session.
  • The add-on must handle the cancellation of the start activity flow and allow the user to re-initiate the start of the activity from the app.
  • The add-on must provide a side panel for sign-in and set up of the activity experience.
  • The add-on must not provide functionality to invite a bot or rely on the presence of a bot in the meeting
Google Workspace add-on User experience
  • The add-on has a homepage. If your Google Workspace add-on is a converted Gmail add-on, a default homepage is applied.
  • The add-on card (or iframed UI in Meet add-ons) functions properly. For example, there aren't duplicated items; the back, refresh, and update buttons work accordingly.
  • After the user authorizes the add-on, it displays a customized homepage card (web page in Meet add-ons) to welcome the user with a button for sign-in (if needed), logo, and brief description of the add-on.
    • If the sign-in button is triggered, it presents a customized sign-in page from the third-party vendor that clearly indicates there's a third-party service working outside of Google Workspace.
  • The add-on's UI fits neatly in allocated spaces:
    • Text and labels aren't cut off with "..."
    • The user doesn't have to do much vertical scrolling.
    • Content width doesn't extend beyond 300p so that it doesn't have a horizontal scrollbar.
  • The add-on's code doesn't use libraries excessively as libraries can cause the add-on to lose performance.

Calendar add-ons

  • If the add-on provides conferencing solutions, the conferences created are valid and displayed correctly on the third-party conferencing website.

Docs add-ons

If the add-on previews links from a third-party domain (smart chips):

  • Link previews offer relevant, supplemental information to the user. For example, previewing a link to a sales deal adds information like account, amount, and stage.
  • The developer is affiliated with the previewed domain.

For more information, see Preview links with smart chips.

Drive add-ons

  • If the app stores files in Drive, it allows users to pick a folder or creates and reuses an app-specific folder. Configuration data can be stored in an App Data folder. The app doesn't dump files into the user's My Drive folder.
  • The add-on only stores files in Drive that are connected to the documented functionality of the add-on.

Gmail add-ons

  • The add-on doesn't mention or link to Chrome browser extensions without justification.
  • The More actions menu contains universal actions that work properly. For example, Sign out, About, Support, etc.

Meet add-ons

  • If the add-on requires a license or subscription: A user-friendly message must be shown to the user when the user doesn't have a license.
  • If the user can't use the add-on because of a licensing issue, the error message must clearly state the reason the add-on cannot be used and suggest a course of action for the user to remedy the situation.
  • The Google Workspace Marketplace listing for the add-on must specify details about the license and subscription requirements that may be required to use the add-on. If the add-on has a paid tier, the Marketplace listing must provide a link to a web page that offers more information about pricing or how to contact a salesperson.
  • When the user isn't already signed in, the add-on must present the One Tap sign-in prompt found at Display Google One Tap and a "Sign In with Google" fallback found at Authentication. In addition to the "Sign in with Google" mechanism, other login options may be offered.
  • The add-on must have responsive design that can adapt content to different sizes.
  • The add-on user journeys must be functional even if third-party cookies are disabled.
  • The add-on must not have horizontal scrolling within the iframe.
  • If an add-on wants to use the main stage, the add-on must be designed for multiplayer experiences and allow for content to be manipulated by multiple participants at the same time. For single-player experiences, the developer should use the side panel.
  • (Recommended) The add-on should display who the signed-in user is.
  • (Recommended) Localization choice: language should be based on local preference set by the browser when available.
  • (Recommended) Content selection should be through a content browsing interface featuring recently accessed content.
  • (Recommended) If the side panel is no longer needed, the add-on should close the side panel after launching to the main stage.
Google Workspace add-on Graphics

Calendar add-ons

  • The logo for the conferencing solution is a public URL. See Provide conference solution logos.
  • If the add-on uses calendar.conferenceSolution, the logo of the conference solution follows the calendar.logoUrl requirements. See Calendar manifest resource.
  • If the add-on uses calendar.logoUrl or common.logoUrl, the logo is identical to the icon provided in the app listing.
  • If the add-on uses calendar.logoUrl or common.logoUrl, the URL of the logo starts as follows: https://lh3.googleusercontent.com/

Meet add-ons

  • The brand logo of the add-on needs to be in a size and styling such that it's identifiable in the Meet side panel.
  • Suitable dark mode logo URLs must be specified in the add-on manifest
Google Workspace add-on OAuth

Drive add-ons

  • (Recommended) If you want to receive limited-metadata, the add-on includes the drive.addons.metadata.readonly scope.
Web app Functionality
  • The universal navigation URL points to a web app. A simple web page without functionality is not considered a web app.