Certification
Runs automatically on every submission. Pass → operator review queue. Fail → a structured report that tells you exactly what to fix.
The checks
| check id | fails when |
|---|---|
manifest.schema | the manifest doesn't parse against the package schema (every issue listed) |
permissions.known | a requested scope isn't in the platform scope list |
permissions.declared | provisioned resources aren't covered by declared scopes |
custom_objects.* | duplicate field names · formula fields without formulas · references without targets · picklists without options |
workflows.* | unknown node types · unknown trigger events · ≠ 1 trigger · dangling connections (else-branches included) |
webhooks.* / ui.* | non-https URLs, localhost/private-network/metadata targets |
connection.oauth2 | OAuth connectors missing authorization/token URLs |
pricing.paid | paid model without a monthly price |
Warnings (don't block, but reviewers read them)
| warning | meaning |
|---|---|
connection.sync.cursor | inbound sync with no cursor — full re-pulls don't scale |
connection.sync.rate-limit | no declared upstream rate limit — the platform can't pace your syncs |
permissions.least-privilege | scopes nothing in the package uses |
listing.description | description under 40 chars |
package.substance | nothing to install — listing-only package |
Run it any time
curl -s -X POST https://app.ivorycomcrm.com/api/marketplace/certify \
-H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
-d '{"manifest": { … }}'
# → { "passed": true, "checks": [ { "id", "title", "level", "detail?" } … ] }The SDK's certify-cli and the console's Certify button call this same endpoint — one suite, three doors.