Skip to content

Submission Guidelines

This page is the single source of truth for what AppTrovo expects from every product submission. Read it end-to-end before your first submission — it's the fastest path to approval.

1. Product requirements

1.1 Files

  • Upload a single ZIP archive containing every file a buyer needs to install and run your product.
  • Maximum archive size: 500 MB. Individual files inside have no limit but must fit in the archive.
  • Include a README.md (or README.txt) at the root explaining install + setup. It's the first file our reviewers open.
  • Include a LICENSE or LICENSE.md file for your code and any bundled third-party libraries.
  • Do not include: .env with real credentials, node_modules/, vendor/, .git/, storage/logs/*, IDE folders (.idea/, .vscode/), OS metadata (.DS_Store, Thumbs.db), or compiled binaries that can be rebuilt from source.
  • Provide a .env.example listing every environment variable your product reads, with safe placeholder values.

1.2 Documentation

  • Installation instructions — step-by-step from a clean environment to first boot. Include exact commands, not prose.
  • Configuration guide — document every .env / config key your product reads and what each one does.
  • Dependencies & system requirements — PHP/Node/Python version, database engines supported, required PHP/Node extensions, minimum server specs.
  • Feature overview — short bullet list of what your product does, aimed at a buyer scanning the docs.
  • Changelog — keep CHANGELOG.md in Keep-a-Changelog format. Update it every release.
  • Admin credentials for demos — if your product ships with a seeder that creates a default admin, document the credentials and remind the buyer to change them.

1.3 Media

  • Thumbnail: minimum 590×300px, PNG or JPG. No stock-photo watermarks. No competitor logos.
  • Screenshots: at least 3 distinct screens showing real features. 1280×720 (HD) minimum. Products with 5+ screenshots convert better.
  • Live Demo URL: strongly recommended — products with a working demo sell roughly 3× more. Include demo credentials if login is required; store them in the Demo Credentials field on the product form (not in the description).
  • Preview Video: optional. YouTube/Vimeo URL. Effective for complex products where screenshots can't tell the whole story.

1.4 Pricing & licensing

  • Single license type — Regular License. There is no Extended License.
  • Platform fee is 10% flat. You keep 90% of every sale. No tiers, no hidden cuts.
  • You can set any non-negative price. Products priced <$5 face stricter quality review; products at $0 (free) still go through the same checks.
  • You keep all copyright — listing a product on AppTrovo grants us a non-exclusive right to distribute it to buyers.
  • Author-issued coupons are available on your Coupons page after your first product is approved.

2. The 18-check automated review pipeline

Every submission runs through an automated pipeline before any human reviewer sees it. The pipeline is grouped into seven check categories; you'll see per-check results on your product's review page.

2.1 File Validation (2 checks)

  • File Integrity — the ZIP is a valid archive with the structure declared in your README.
  • File Size — within the 1 KB – 500 MB range.

2.2 Security (4 checks)

  • Security & Malware Scan — static signature scan plus an AI review for suspicious patterns (shell exec on untrusted input, obfuscated code, known malware families).
  • Hardcoded Secrets — detects API keys, Stripe keys, database passwords, private keys (PEM), tokens, etc. left in source files. The number-one cause of first-time rejections.
  • License Compliance — ensures every bundled third-party library has a license compatible with commercial redistribution. GPL-licensed code mixed into a proprietary product is an automatic hard reject.
  • Dependency Audit — your composer.lock / package-lock.json / requirements.txt is checked against public CVE feeds.

2.3 Code Analysis (4 checks)

  • Static Analysis — syntax errors, obvious bugs, unreachable code.
  • Code Quality — AI-scored readability and structure. Dead code, god classes, and extreme cyclomatic complexity hurt the score.
  • Performance Hints — AI flags N+1 queries, unindexed lookups, and obvious bottlenecks in critical paths.
  • Accessibility — for web UIs, checks for semantic HTML, alt text on images, focus order, and colour contrast.

2.4 Media (1 check)

  • Image & Screenshot Quality — thumbnail dimensions, screenshot count and resolution, stock/watermark detection.

2.5 Content (4 checks)

  • Description Quality — your listing description is AI-scored for clarity, completeness, and buyer usefulness. <100 words or reads like marketing fluff = low score.
  • SEO & Metadata — meta title, meta description, and tag hygiene.
  • Plagiarism & Duplicates — description is compared against existing listings and public web content; file hashes are compared against existing products.
  • Spam & Fraud Detection — account-age + previous-submission signals; first submissions always get manual review.

2.6 Documentation (2 checks)

  • Documentation — presence and quality of README / docs, AI-scored for completeness (install, config, features, troubleshooting).
  • Changelog — for updates, the changelog must describe what changed in the new version.

2.7 Verification (1 check)

  • Demo URL — if you provided a live demo, we fetch it and verify it returns 200 and looks like your product (not a generic parked page).

3. License integration (required for non-free products)

Every paid product must integrate our license verification API. This protects you from unauthorized redistribution and lets buyers activate their purchase on their own domain.

  • Use the Laravel Installer SDK (drop-in package) for Laravel products, or call GET /api/v1/licenses/verify directly from any stack.
  • Every author can issue themselves a developer test license from their product edit page — a real UUID key that only verifies on localhost, 127.0.0.1, *.test, *.local, or *.localhost. 30-day expiry, extendable in one click. Use this to run the 6 pre-submit verification scenarios.
  • Before you submit, point the SDK at the production API (https://apptrovo.com/api/v1/licenses/verify) and remove any dev-bypass flags from your shipped .env.example.

4. Review outcomes

4.1 Auto-approval

Established authors whose last several submissions cleared all automated checks may be auto-approved if the new submission also passes every check. You'll still see every per-check result on the product page.

4.2 Manual review

New authors (first submission) and edge-case automated results go to a human reviewer. Typical turnaround is 1–3 business days. You can continue editing while the review is queued.

4.3 Soft rejection ("needs revision")

Fixable issues — missing docs, weak screenshots, minor code-quality nits. You'll receive an email with reviewer feedback; the product moves to the Needs Revision tab. Edit the product, then click Submit for Review again. There's no limit on resubmissions.

4.4 Hard rejection

For serious violations — plagiarism, active malware, GPL contamination, impersonation, legal takedown requests. Hard rejections are final for the submitted content; you can submit a different product but cannot resubmit this one.

5. Common rejection reasons (ranked by frequency)

  1. Hardcoded API keys, database credentials, or Stripe secrets left in source files.
  2. README too thin — install steps missing or wrong.
  3. Thumbnail below 590×300 or looks like a stock-photo dump.
  4. Fewer than 3 real feature screenshots.
  5. Product description <100 words or heavily copy-pasted from another listing.
  6. Bundled GPL-licensed library inside a product sold under a commercial license.
  7. Demo URL returns 404 / 500 / redirects elsewhere.
  8. Source files contain .env with real secrets or node_modules bloat.
  9. License verification integration missing or broken (for paid products).
  10. Description contains contact info, external store links, or donation appeals (forbidden).

6. Pre-submission checklist

Run through this before you click Submit for Review. Catching issues here is the single biggest lever on your approval speed.

  1. Extracted your ZIP into a clean, empty directory — the install steps in your README actually work.
  2. No .env, node_modules, vendor, .git, storage/logs/*, .DS_Store, .idea, or .vscode inside the archive.
  3. Greppped your source for sk_live_, pk_live_, your real DB password, AWS keys — zero matches.
  4. README covers: requirements, install, configuration, first-run setup, troubleshooting.
  5. At least 3 screenshots showing actual product features (not marketing banners).
  6. Thumbnail is 590×300 or larger, PNG/JPG, no watermarks.
  7. Live demo URL loads your product (not a blank install screen).
  8. For paid products: you ran the 6 license-verification scenarios against a developer test license.
  9. Description is ≥ 200 words, written in your own voice, no contact info or external store links.
  10. Price, category, and tags are set.

7. Content restrictions

We reject or remove products that:

  • Infringe copyright, trademark, or patent (verbatim copies or "inspired-by" clones of famous products).
  • Enable clearly illegal or abusive use cases (mass-scraping services without consent, surveillance tools targeting individuals, credential stuffing).
  • Serve adult content, gambling, or regulated financial products.
  • Bundle malware, cryptominers, or backdoors — intentional or accidental.
  • Impersonate another author, brand, or open-source project.
  • Advertise external stores, donation links, or contact information inside the product listing (use your author profile for that).

8. After approval

  • Updates & versions — use the Upgrade tab on your product to ship new versions. Each upgrade is reviewed. Patch changes (bug fixes) usually auto-approve; major releases go to manual review.
  • Buyer support — you're expected to respond to support tickets within 48 hours during the initial support window (configurable per product).
  • Refund window — buyers have 14 days to request a refund, subject to AppTrovo's refund policy.
  • Earnings & payouts — earnings move from Pending → Available after a holding period, then you can request a payout via Stripe Connect. 10% platform fee is already deducted.
  • License violations — if you spot unauthorized redistribution, file a report from the Violations page. Attach evidence (screenshots/PDFs) so the admin team can act.

Related pages

Last updated April 20, 2026