I have a link which redirects stores to the "authorize" page for oauthin my app, with the App's ID as the client_id.
This works well in the sandbox environment, and also in the production one with my test store - I'm able to receive the access token and then use the REST API. However, when another store (a real one) tried to use it, they received a "not found" error for the APP ID. Is this the expected behavior?
Should I be an approved developer in order for real stores to use the app (web api)?