Skip to content

Get your Application Ready for Productive Use – Checklist

This non-exhaustive checklist gives you an overview of important aspects that are required for uploading an app via Developer Cockpit to make it available for productive use. For step-by-step instructions, refer to here.

Publication Workflow


  • [ ] The application integrates the OS Bar. For self-hosted applications you need to provide screenshots showing the actual implementation of the OS Bar in the running application.
  • [ ] The application uses a single manifest file, if it consists of multiple components.
  • [ ] A proper Content Security Policy header (CSP) is configured for your application.
  • [ ] The application utilizes up-to-date software components (e.g., dependent third party libraries, ...)
  • [ ] The application is tested regarding functionality and state-of-the-art security requirements (e.g., OWASP Top 10).
  • [ ] You follow best practices when developing and testing applications.
  • [ ] The application adheres with the design considerations and the style guide documented in the DevOps Guide.
  • [ ] The application does not use any reserved keywords in request bodies and API endpoints.


By uploading your application via Developer Cockpit, you confirm having evaluated and tested the application with respect to its technology, functionality, performance, security, and user interface. You agree that your application complies with the documentation and any other requirements set out in the MMA or the respective order form.

Last update: April 13, 2023

Except where otherwise noted, content on this site is licensed under the Development License Agreement.