Mandatory GDPR webhooks for all apps

Shopify Partner
660 0 104

So many unanswered questions we can't even get started on this.

1) What will happen if we try to load an order for which the customer requested deletion?
Will order.customer be null? Or will it be non-null with a customer id and all other fields null?

2) Is shop/uninstall not enough? Why do we need another separate webhook?
 

3) Any update on when we can create webhooks for these topics? Also, am I right to assume that we need to subscribe to these webhooks the same way we subscribe to others (e.g. orders/update, customer/create, etc.)?

4) When the customer order information is redacted, will the order/update webhook be triggered with missing customer details (e.g., a null customer_id, no billing/shipping address, email, or phone)?

This would be ideal because it would avoid every app implementing their own data cleaning methods and simply rely on Shopify to remove all personal details.


1 Like
New Member
1 0 0

Has anyone had any luck with receiving these webhooks? I've updated the webhook URL on the app settings and tried deleting customers on a development store, but have not received any webhooks even after the 48-hour period.

0 Likes
Tourist
34 0 2

@Daniel Goh, doesn't work for us either. Our hooks are set up and ready to handle the requests. We've been trying to test our endpoints, but it seems like Shopify isn't firing those requests just yet.

Reward yourself and your Customers.
0 Likes
Tourist
4 0 1

Hi, can you please share the code of those two webhooks you created, for reference?

1 Like
New Member
4 0 0

Re Comment #comment-523662 by Clement

> So many unanswered questions we can't even get started on this.

I second that. As an app developer, I don't know how to implement these webhooks with the scarce information provided.

The questions posed by Clement seem a concise summary of everything that still needs to be answered in order to implement these webhooks.

Especially question 4) requires clarification. What do the payloads for the webhooks mean? There is no clear information to be found in this topic, nor in the documentation. In the documentation example, the payload for 'customers/updated' consists of 'id', 'email', 'phone' and 'orders_to_redact'. But it is not clear how to interpret or act upon this data.

Does this mean that the indicated fields (i.e. id, email, phone) should be updated? Or does it mean they should be deleted? Or should all data associated with that customer be deleted?
Does this mean the 'customers/redact' webhook sends updated/redacted customer data, i.e. is acting similar to a 'customers/update' webhook? Or does it indicate that any personal data connected with that customer that might be stored by the app should be deleted?

Also: Are 'customers/updated' and 'orders/updated' webhooks triggered with the redacted data as well?

 

Please @Shopify, clarify this!

 

Regarding question 3) The way I understand it is that these webhooks can only be set in the partner dashboard, and are not to be subscribed on a per-shop basis. I have tried to subscribe to those webhooks through the API, but got an error 422, "unprocessable entity" as response. The API does not recognize these webhook topic names. Is that correct? Will this change at some point, so that we can subscribe the webhooks on a per-shop-basis to different handlers?

 

Waiting for answers...

0 Likes
New Member
2 0 0

Hi Ryan,

Do you know what is the correct way to trigger the customer/redact webhook?

I have installed my test app on my test store and used the "REMOVE PERSONAL DATA" function in the Shopify admin for a test customer. I also set the webhook in the app setup page.

Ten days later, I did not receive the webhook and my test app can still access the personal data of the test customer via the Shopify API. I can still see the personal data on the Shopify Admin page. Is this the expected behavior of "REMOVE PERSONAL DATA"? And how much time will it take before Shopify sends the customer/redact webhook?

In my other experiment, I received the shop/redact webhook 48hr after uninstalling my test app. So I think my config is correct.

Thanks,
John

0 Likes
Shopify Partner
14 0 3

Can we get some guidance as to what we are supposed to do with private apps and GDPR-related webhooks? As we delete and re-generate our working set of webhooks from time to time it would be ideal if we could create the GDPR-related webhooks.

Thanks,
Paul

 

0 Likes
Excursionist
23 0 5

All of a sudden yesterday my shop redact notices have been coming in over and over again. I've been getting the same 4 every few hours or so for the last day. I'm definitely passing a 200 response so I don't understand why this is happening. Is something broken on the Shopify end?

3 Likes
Tourist
5 0 2

Hi David,

We've been experiencing a similar issue in the past day or two as well. It's affecting 2 different apps of ours, and we've made no changes to our code for either one, so the error doesn't feel like it's on our end. Every hour on the hour we get a handful of "shop/redact" webhooks coming in and it's always for the same shops. 

We pass along 200 HTTP codes as well, and this wasn't a problem until very recently. Would love some clarification from someone at Shopify here!

2 Likes
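
The repeated shop/redact deliveries described in the last two posts do no harm when the handler is idempotent and only acts on authenticated requests. The following is an added example, not code from this thread or from Shopify; it assumes the payload fields `shop_id` and `customer.id`, an `X-Shopify-Hmac-Sha256` header holding a base64 HMAC-SHA256 of the raw body, and that a redact request means erasing what the app stores. `AppData`, `handle` and the secret are hypothetical.

```python
import base64
import hashlib
import hmac
import json

APP_SECRET = b"constructed-secret"  # placeholder, not a real credential

def sign(raw_body, secret=APP_SECRET):
    """Base64 HMAC-SHA256 of the raw body (assumed X-Shopify-Hmac-Sha256 format)."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()

def verify(raw_body, header_value, secret=APP_SECRET):
    # Constant-time compare on bytes; a missing header fails closed.
    return hmac.compare_digest(sign(raw_body, secret).encode(), (header_value or "").encode())

class AppData:
    """Hypothetical stand-in for the app's own database."""
    def __init__(self):
        self.shops = {}  # shop_id -> {customer_id: personal-data record}

def handle(db, topic, raw_body, header_value):
    """Return (http_status, action). Replays of a processed request are no-ops."""
    if not verify(raw_body, header_value):
        return 401, "rejected"  # unsigned or forged requests must not erase data
    payload = json.loads(raw_body)
    shop_id = payload["shop_id"]
    if topic == "shop/redact":
        erased = db.shops.pop(shop_id, None) is not None
    elif topic == "customers/redact":
        customer_id = payload["customer"]["id"]
        erased = db.shops.get(shop_id, {}).pop(customer_id, None) is not None
    else:
        return 200, "ignored"
    return 200, "erased" if erased else "already-erased"

def demo():
    """Constructed sample: one customers/redact, then shop/redact delivered twice."""
    db = AppData()
    db.shops[1] = {10: {"email": "a@example.com"}, 11: {"email": "b@example.com"}}
    cust = json.dumps({"shop_id": 1, "customer": {"id": 10}, "orders_to_redact": []}).encode()
    shop = json.dumps({"shop_id": 1, "shop_domain": "example.myshopify.com"}).encode()
    return [
        handle(db, "customers/redact", cust, sign(cust)),
        handle(db, "shop/redact", shop, sign(shop)),
        handle(db, "shop/redact", shop, sign(shop)),  # repeat delivery
        handle(db, "shop/redact", shop, "bad-signature"),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```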