The ServiceNow App Certification Guide for ISVs

Everything you need to know about getting your app certified and listed on the ServiceNow Store—from Technology Partner Program enrollment to passing certification review. Written by a former member of the ServiceNow certification team.

Need Help With Certification?

Become a ServiceNow Build Partner

Before you can build a Store app, you need to enroll in ServiceNow’s Technology Partner Program (TPP)

This is a business relationship between your company and ServiceNow—it cannot be bypassed.

  • check_circleEnroll in the Technology Partner Program (TPP)—apply through ServiceNow’s partner portal. TPP enrollment has its own commercial terms and approval process
  • check_circleGet Build Partner designation—this is the specific partner tier that allows you to develop and publish apps to the ServiceNow Store
  • check_circleReceive vendor instances—once approved, ServiceNow provisions vendor instances for your development and testing. These are distinct from PDIs and customer instances

TPP enrollment is handled by your company directly with ServiceNow. Development partners like XpertApps then build and certify on your vendor instances.

Understanding Your Development Environment

Vendor instances vs PDIs—know the difference before you start building

Comparison of ServiceNow instance types: Vendor Instances, Personal Developer Instances (PDI), and Customer Instances
Capability Vendor Instances Personal Developer Instance (PDI) Customer Instances
Purpose check_circle Store app development & certification Learning & prototyping only Production deployment by your customers
How to Get Provisioned through TPP as a Build Partner Free from developer.servicenow.com Customers’ own licensed instances
Store App Development check_circle Yes—required remove No remove No
Certification Submission check_circle Yes remove No remove No
Multi-User Access check_circle Yes remove Single user only check_circle Yes
Email check_circle Yes remove No check_circle Yes
Storage & Performance check_circle Full Limited check_circle Full (customer-managed)
Inactivity Policy check_circle No reclaim Reclaimed after 10 days of inactivity check_circle No reclaim
Store App Installs check_circle Yes remove No check_circle Yes

Certification Requirements

What ServiceNow reviewers evaluate during the certification process

security

Security Review

Critical — most common reason for failure

ServiceNow runs automated scans and manual reviews to ensure your app doesn’t introduce vulnerabilities.

  • check_circleACL enforcement on all tables and records
  • check_circleNo GlideRecord in client-side scripts
  • check_circleInput validation and output encoding to prevent XSS
  • check_circleSecure handling of credentials and API keys
  • check_circleProper scoping—no access outside app scope
speed

Performance

Required

Your app must not degrade the performance of the host instance. ServiceNow tests for query efficiency, script execution time, and resource consumption.

  • check_circleEfficient GlideRecord queries with proper filtering
  • check_circleNo unbounded loops or recursive scripts
  • check_circleMinimal use of synchronous AJAX calls
  • check_circleProper use of caching where appropriate
code

Code Quality & Scoping

Required

All app components must be properly scoped within your application’s namespace. Cross-scope access must be explicitly declared and justified.

  • check_circleAll artifacts contained within the app scope
  • check_circleClean, maintainable code following ServiceNow best practices
  • check_circleNo hardcoded instance URLs, credentials, or customer-specific data
  • check_circleProper use of system properties for configuration
description

Documentation & Store Listing

Required

Your Store listing needs clear documentation, screenshots, and a complete description of what the app does and how to configure it.

  • check_circleInstallation and configuration guide
  • check_circleStore listing with screenshots and feature descriptions
  • check_circleRelease notes for each version
  • check_circleSupport contact and SLA information

Typical Timeline

From development start to Store listing—what to expect

1-2

Weeks: Discovery & Architecture

Define scope, map certification requirements, design the technical blueprint.

2-3

Weeks: Build & Test

Sprint-based development with bi-weekly demos. Security and performance reviewed each sprint.

3-5

Weeks: Certification Review

ServiceNow reviews your submission. Timeline depends on their queue and your app's compliance.

Total: approximately 5–8 weeks from development start to Store listing, depending on app complexity. TPP enrollment is a separate prerequisite that should be started well in advance.

Common Certification Pitfalls

Mistakes we see ISVs make—and how to avoid them

warning

Building on a PDI

Wrong Environment

PDIs are fine for learning, but Store apps must be built on vendor instances. Migrating a completed app from a PDI to a vendor instance adds unnecessary risk and rework.

warning
gpp_bad

Security as an Afterthought

Most Common Failure

Retrofitting ACLs and fixing GlideRecord usage after development is expensive. Build with certification-compliant security patterns from sprint one.

gpp_bad
public_off

Scope Creep into Global

Scoping Violation

Placing business rules, script includes, or UI elements in the global scope instead of your app scope. This will fail certification every time.

public_off
update_disabled

Ignoring Platform Releases

Post-Launch Risk

ServiceNow ships two major releases per year. Apps that don't stay current lose their Store listing. Plan for ongoing compatibility testing from day one.

update_disabled

Need Help With Certification?

We’ve certified 15+ ServiceNow apps with a 100% first-time pass rate. Whether you need a full build or certification support for an existing app, we can help.

Book a Free Consultation

check_circleFounded by a former certification team member
check_circle100% first-time certification rate
check_circleFree project scoping
check_circleWe build on your vendor instances

Certification Questions

How much does ServiceNow Store certification cost?

ServiceNow does not charge a fee to submit an app for certification. However, you must be enrolled in the Technology Partner Program (TPP), which has its own commercial terms. The main costs are development time and ensuring your app meets all certification requirements.

Can I certify an app built on a Personal Developer Instance (PDI)?

No. You can prototype on a PDI, but Store apps must be developed and submitted for certification from vendor instances provisioned through the Technology Partner Program. PDIs lack Store app install capabilities, have a 10-day inactivity reclaim policy, and do not support multi-user testing.

What happens if my app fails certification?

ServiceNow provides specific feedback on what needs to be fixed. You can address the issues and resubmit. Common failure reasons include security vulnerabilities (like GlideRecord without ACL enforcement), performance issues, and improper scoping. Each resubmission goes through the same 3–5 week review cycle.

Do I need to re-certify my app with each ServiceNow release?

Yes. ServiceNow ships two major platform releases per year. You need to validate compatibility and may need to re-certify if your app uses APIs or features that have changed. Staying current is required to remain listed on the Store.

How long does the certification review take?

ServiceNow’s certification review typically takes 3–5 weeks from submission. The exact timeline depends on the review queue and how well your app meets requirements. Apps that are built with certification in mind from the start tend to move through review faster.