Once your OAuth app is working, you can submit it for review. Verified apps display a trust badge and can be listed in the LUMA app directory for users to discover.
# Why get verified?
# For users
- Trust badge: Verified apps show users that LUMA has reviewed the app
- Confidence: Users know the app meets security and quality standards
- Discoverability: Listed apps are easier to find
# For developers
- Increased adoption: Users trust verified apps more
- App directory listing: Reach LUMA's user base
- Partnership opportunities: Connect with the LUMA team
# Verification levels
# Unverified (default)
All new OAuth apps start unverified:
- Apps work fully
- Users see a warning: "This app hasn't been verified by LUMA yet"
- Not listed in the app directory
# Verified
After passing review:
- No warning displayed to users
- Listed in the app directory (optional)
- Trust badge on consent screen
# Submission requirements
Before submitting, ensure your app has:
# 1. Complete app information
Fill out all fields in your OAuth application settings:
| Field | Required | Description |
|---|---|---|
| Name | Yes | Clear, recognizable app name |
| Description | Yes | Brief description (1-2 sentences) |
| Overview | Recommended | Detailed description with features |
| Developer name | Yes | Your name or company name |
| Website | Yes | Your app's homepage |
| Logo | Recommended | Square image, at least 256x256px |
| Screenshots | Recommended | Up to 4 screenshots showing your app |
# 2. Working integration
Your app must:
- Successfully complete the OAuth flow
- Handle tokens correctly (refresh, expiration)
- Use requested scopes appropriately
- Handle errors gracefully
# 3. Privacy policy
- Link to your privacy policy from your website
- Explain what data you collect and how it's used
- Describe data retention and deletion policies
# 4. Security requirements
- Use HTTPS for all endpoints
- Store tokens securely
- Implement PKCE for public clients
- Never log or expose access tokens
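
The security requirements above can be turned into a small self-check to run before submitting. This is an added example, not LUMA's own code: the function names, the `[REDACTED]` marker and the sample URLs are assumptions, and the PKCE part follows the S256 method from RFC 7636.

```python
import base64
import hashlib
import logging
import re
import secrets
from urllib.parse import urlsplit


def s256_challenge(verifier: str) -> str:
    """PKCE S256: BASE64URL(SHA-256(verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_pkce_pair() -> tuple[str, str]:
    """Fresh verifier per authorization request; only the challenge is sent first."""
    verifier = secrets.token_urlsafe(32)  # 43 chars, the RFC 7636 minimum length
    return verifier, s256_challenge(verifier)


def non_https(urls: list[str]) -> list[str]:
    """Return every configured URL that is not served over HTTPS."""
    return [u for u in urls if urlsplit(u).scheme.lower() != "https"]


# Matches "Bearer <token>" and access_token / refresh_token key-value pairs.
_TOKEN = re.compile(
    r"(?i)\b(bearer\s+|(?:access|refresh)_token[\"']?\s*[:=]\s*[\"']?)"
    r"[A-Za-z0-9._~+/-]+=*"
)


def redact(text: str) -> str:
    """Replace token values with a marker, keeping the key for debugging."""
    return _TOKEN.sub(lambda m: m.group(1) + "[REDACTED]", text)


class RedactTokens(logging.Filter):
    """Logging filter that scrubs tokens from every record it sees."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = redact(record.getMessage()), None
        return True


if __name__ == "__main__":
    # Constructed sample values, not real LUMA URLs or tokens.
    print(new_pkce_pair())
    print(non_https(["https://app.example/callback", "http://app.example/hook"]))
    print(redact("Authorization: Bearer abc.def-123"))
```

Attach `RedactTokens()` to each log handler with `handler.addFilter(...)` so that records from every logger pass through it.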
# Submitting for review
# Step 1: Prepare your app
- Go to Settings → Developer
- Click on your OAuth application
- Fill in all required fields
- Add screenshots if you have them
# Step 2: Test thoroughly
Before submitting, verify:
- Authorization flow works end-to-end
- Token refresh works correctly
- Error handling covers edge cases
- All requested scopes are actually used
- App works with different LUMA accounts
# Step 3: Submit for review
- In your OAuth application settings, click Submit for review
- Your app status changes to "Pending"
- You'll receive an email confirming submission
# Review process
# What we check
Our team reviews:
| Area | What we look for |
|---|---|
| Security | HTTPS, secure token handling, PKCE for public clients |
| Functionality | OAuth flow works, errors handled, scopes used appropriately |
| User experience | Clear app name, accurate description, working website |
| Privacy | Privacy policy exists, data handling is clear |
| Quality | App does what it claims, no misleading information |
# Timeline
- Initial review: 3-5 business days
- If changes needed: We'll email specific feedback
- Re-review after changes: 2-3 business days
# Possible outcomes
| Outcome | Description |
|---|---|
| Approved | Your app is verified and can be listed |
| Changes requested | We'll explain what needs to be fixed |
| Rejected | Doesn't meet requirements (with explanation) |
# After approval
# Verification badge
Approved apps display verification status on the consent screen, removing the "not verified" warning.
# App directory listing
After approval, you can opt to list your app in the LUMA app directory:
- Go to your OAuth application settings
- Enable List in app directory
- Ensure your logo and screenshots are uploaded
# Maintaining verification
To keep your verified status:
- Keep your app functional
- Respond to user issues
- Update your app when APIs change
- Don't change scope usage without notification
# Guidelines
# Naming
- Use your app's real name
- Don't include "LUMA" unless you have permission
- Avoid misleading names that imply official LUMA features
# Description
- Accurately describe what your app does
- List key features
- Be clear about any costs or limitations
# Screenshots
- Show your app's actual UI
- Demonstrate key features
- Use high-quality images
- Don't use misleading mockups
# Scopes
- Only request scopes you actually use
- Explain to users why you need each scope
- Don't request broad scopes for simple features
# Common rejection reasons
| Issue | How to fix |
|---|---|
| Missing privacy policy | Add one to your website |
| Non-working OAuth flow | Test thoroughly before submitting |
| Unused scopes | Remove scopes you don't use |
| Incomplete app info | Fill in all required fields |
| HTTP endpoints | Use HTTPS everywhere |
| Misleading description | Accurately describe your app |
| No error handling | Handle authorization denials gracefully |
# Updating verified apps
After verification, you can still update your app:
# No re-review needed
- Updating logo or screenshots
- Changing website URL
- Editing description
- Adding redirect URIs
# May trigger re-review
- Adding new scopes (users must re-authorize anyway)
- Significant functionality changes
- Changing app name
# Contact us
Questions about the review process?
- Email: support@waytogrow.es
- Discord: go.luma.ai/discord
# Related
- Build an OAuth App — Getting started guide
- OAuth Scopes Reference — Available permissions
- OAuth API Endpoints — Technical reference