The app manifest
Your app IS a manifest.json — one reviewable, certifiable, installable document.
Top-level fields
| field | type | notes |
|---|---|---|
| manifestVersion | 1 | literal |
| name | string 2–80 | listing display name |
| slug | `^[a-z][a-z0-9_-]{1,59}$` | permanent id; first publisher to submit a slug owns it |
| version | semver | MAJOR.MINOR.PATCH — see Versioning |
| description | string 10–5000 | ≥ 40 chars to clear listing-quality checks; this is your storefront |
| category | enum | sales marketing finance productivity support data |
| icon | string ≤ 8 | emoji or short glyph |
| publisher | object | `{ name, website?, supportEmail? }` |
| permissions | scope[] ≤ 20 | see below |
| pricing | object | `{ model: free\|paid, monthlyPriceUsd?, platformShareBps }` — 3000 bps = the 70/30 split |
| connection | object? | connector auth + sync contract — Connector SDK |
| customObjects | array ≤ 10 | Custom objects |
| workflowTemplates | array ≤ 20 | Workflows (typed-DSL nodes) |
| webhooks | array ≤ 10 | Webhooks |
| agentScripts | array ≤ 5 | AI agents |
| uiExtensions | array ≤ 10 | https links on record pages / dashboard / settings; `{{recordId}}`/`{{tenantId}}` templating |
| native | object? | first-party listings mapping to built-in settings pages — not for third-party apps |
Permission scopes
leads:read leads:write contacts:read contacts:write opportunities:read opportunities:write tasks:read tasks:write custom_objects:read custom_objects:write workflows:read workflows:write webhooks:manage agents:invoke
Three rules certification enforces:
- Every scope must be from the list above (`permissions.known`).
- Everything you provision must be covered — custom objects need `custom_objects:write`, workflow templates need `workflows:write`, webhooks need `webhooks:manage`, agent scripts need `agents:invoke` (`permissions.declared`).
- Least privilege is reviewed by humans: scopes nothing in the package uses draw warnings and slow review down.
At install, the tenant sees every scope and must acknowledge each one — undeclared access does not exist.
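A local pre-flight for the three rules above, as an added example (not the platform's own certifier): it checks a manifest dict against the scope list, the slug pattern and the provisioning-to-scope mapping given on this page. The function name, the message wording and the sample manifest are assumptions made for illustration; the real report comes from the certify endpoint.

```python
import re

# Scope list and slug pattern are copied from this page.
KNOWN_SCOPES = set(
    "leads:read leads:write contacts:read contacts:write opportunities:read "
    "opportunities:write tasks:read tasks:write custom_objects:read "
    "custom_objects:write workflows:read workflows:write webhooks:manage "
    "agents:invoke".split()
)
SLUG_RE = re.compile(r"^[a-z][a-z0-9_-]{1,59}$")
# Manifest section -> scope that must cover it (rule permissions.declared).
REQUIRED = {
    "customObjects": "custom_objects:write",
    "workflowTemplates": "workflows:write",
    "webhooks": "webhooks:manage",
    "agentScripts": "agents:invoke",
}


def preflight(manifest):
    """Return (errors, warnings); message wording is this example's own."""
    errors, warnings = [], []
    scopes = manifest.get("permissions", [])
    if not SLUG_RE.fullmatch(str(manifest.get("slug", ""))):
        errors.append("slug: does not match the documented pattern")
    if len(scopes) > 20:
        errors.append("permissions: more than 20 scopes")
    for scope in scopes:
        if scope not in KNOWN_SCOPES:
            errors.append(f"permissions.known: unknown scope {scope!r}")
    for section, scope in REQUIRED.items():
        if manifest.get(section) and scope not in scopes:
            errors.append(f"permissions.declared: {section} needs {scope}")
    # Assumption: only the four provisioning scopes can be judged unused from
    # the top-level fields; read/write scopes are left to the human review.
    in_use = {scope for section, scope in REQUIRED.items() if manifest.get(section)}
    for scope in scopes:
        if scope in REQUIRED.values() and scope not in in_use:
            warnings.append(f"least-privilege: {scope} declared, nothing uses it")
    return errors, warnings


# Constructed sample manifest fragment; entry contents are placeholders.
SAMPLE = {
    "slug": "acme-sync",
    "permissions": ["leads:read", "leads:delete", "workflows:write", "webhooks:manage"],
    "customObjects": [{"name": "invoice"}],
    "webhooks": [{"url": "https://example.com/hook"}],
}
```

On the sample, the unknown `leads:delete` scope and the uncovered `customObjects` section are errors, while `workflows:write` with no workflow templates is only a warning.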
Validation flow
POST /api/marketplace/certify # dry run, no submission — full structured report
POST /api/marketplace/developer/apps/submit # certifies AND records the version