Learn about the Connect certification process. # Scope of certification To become a publicly available [Connector](https://docs.commercetools.com/connect/connectors#connector) on the [Connect marketplace](https://docs.commercetools.com/connect/merchant-center/connect), your [Connector](https://docs.commercetools.com/connect/overview#connectors) must pass a semi-automated certification process that is managed by the Connect team. This process is triggered when you [publish your Connector](https://docs.commercetools.com/connect/getting-started#publish-your-connector). The certification process ensures that your Connect applications are: - Functionally complete, with no critical bugs - Stable and secure, with no security vulnerabilities - Compatible with Connect's deployment requirements - Fully documented, with a clear installation guide and usage instructions Certification is not required when creating private Connectors or Connectors for use in your own Projects. # Certification prerequisites To complete the certification process, you must have the following in your GitHub repository: - Source code for your Connect applications - Unit tests and self-contained integration tests - Installation guide and documentation - License files - Creator information and contact details You must also [contact your commercetools Partnership Manager](https://commercetools.com/partner-program/join) to request the relevant certification paperwork. # How to request certification The certification request process is the responsibility of the creator, however, before you publish your Connector for certification, you must contact your [commercetools Partnership Manager](https://commercetools.com/partner-program/join) to request the relevant certification paperwork. We recommend contacting your Partnership Manager as early in your build process as possible. ## Use the Connect API You can request certification for a [ConnectorStaged](https://docs.commercetools.com/connect/connectors-staged#connectorstaged) by using the [Publish](https://docs.commercetools.com/connect/connectors-staged#publish) update action with `certification` set to `true`. ## Use the Merchant Center You can request certification by selecting List on Marketplace when [publishing the Organization Connector](https://docs.commercetools.com/connect/merchant-center/connect#publish-an-organization-connector). # When to request re-certification If you make any changes to your Connect applications, such as fixing bugs or adding new features, you must re-certify the ConnectorStaged before the changes go live. To re-certify your ConnectorStaged, follow these steps: 1. Push the changes to the application GitHub repository. 2. Generate a new [Git tag](https://docs.github.com/en/rest/git/tags). 3. Use the [Set Repository](https://docs.commercetools.com/connect/connectors-staged#set-repository) update action to reference the new tag. 4. Use the [Publish](https://docs.commercetools.com/connect/connectors-staged#publish) update action with `certification` set to `true`. # Requirements for certification When developing your Connect applications, be aware of the following requirements for certification. ## General requirements Your Connect applications: - Must follow language-specific configurations to support [buildpack](https://cloud.google.com/docs/buildpacks/nodejs). Connect uses it to build container images. - Must use open-source libraries which Google Cloud Platform supports. - Must be stateless in nature and not store previous session information in-memory. - Must have self-contained dependencies, with global dependencies referenced in `package.json`. - Should follow test-driven development principles. - Should be lightweight and not need excessive memory or CPU-intensive operations. For example, do not use long-running recursive operations. ## GitHub repository requirements The GitHub repository of your Connect applications: - Must have a [specific directory structure](https://docs.commercetools.com/connect/development#use-the-correct-directory-structure). - Must contain a configured `connect.yaml` file in the root directory. - Must have a [Git tag](https://docs.github.com/en/rest/git/tags?apiVersion=2022-11-28) that remains the same during the certification process. If you create a Connector in the [Merchant Center](https://docs.commercetools.com/connect/merchant-center/connect#create-an-organization-connector), you'll be asked to specify the GitHub repository containing your Connect applications. You can specify the GitHub repository by linking your GitHub account, or by providing the SSH URL or HTTPS URL of the repository. The HTTPS URL will work only if the repository is public. If the repository is private, you must use the SSH URL and grant read access to the [connect-mu](https://github.com/connect-mu) [machine user](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/managing-deploy-keys#machine-users). ## Security requirements Your Connect applications: - Must not contain any hardcoded URLs, tokens, credentials, or passwords in the application code and configuration. - Must not use outdated or insecure dependency libraries. - Must not use protected third-party trademarks, copyrights, patents, or code. - Should not include logs or any code/configuration which are not intended for production use. # Handle issues ## Functional errors If your Connect applications have functional errors, the certification process will fail. You must fix these errors and request certification again. The Connect team will email a detailed report of the functional errors found in your Connect applications to the [`creator`](https://docs.commercetools.com/connect/connectors-staged#creator) of your [ConnectorStaged](https://docs.commercetools.com/connect/connectors-staged#connectorstaged). ## Security vulnerabilities If your Connect applications have security vulnerabilities, the certification process will fail. You must fix these vulnerabilities and request certification again. Once your Connector passes certification and is listed on the Connect marketplace, you must acknowledge any security vulnerabilities found in your Connect applications within 1 business day. Based on their severity, you must fix security vulnerabilities in your Connect applications within the following response times. (a CSV formatted table follows. The first line are the column names.) Severity,Response time Critical,15 business days High,30 business days ## Infrastructure All infrastructure-related issues are the responsibility of the Connect team. If you have any questions about the infrastructure, contact the [commercetools support team](https://support.commercetools.com/). # Contact support If you have any questions about the certification process or other aspects of Connect, contact the [commercetools support team](https://support.commercetools.com/).