Mandatory GDPR webhooks for all apps

Shopify Partner

Hi.
Checking what Ryan O answered in relation to the header to verify the request (the `HTTP_X_SHOPIFY_HMAC_SHA256` header). He said that the header would still come as a way to verify that the request comes from Shopify and its integrity.

This verification requires a `SHARED_SECRET` that is displayed in the notifications page of each `Shop`, like the image I attached to this reply.

But I'm checking the settings of the app and there is no trace of that `SHARED_SECRET` in the `setup` page.

Am I missing something?

Thanks

0 Likes
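The check discussed in the post above, as an added example that is not part of the original thread and is not Shopify's own code. It assumes the header carries the base64-encoded HMAC-SHA256 of the raw request body keyed with the app's shared secret; the secret, the sample body and the function names (`compute_hmac`, `verify_webhook`, `handle_webhook`, `make_environ`) are constructed for illustration.

```python
import base64
import hashlib
import hmac
import io
import json

# Constructed values for illustration only; use your app's real shared secret.
SHARED_SECRET = b"constructed-example-secret"
SAMPLE_BODY = b'{"shop_id":1,"shop_domain":"example.myshopify.com"}'


def compute_hmac(secret: bytes, raw_body: bytes) -> str:
    """Base64-encoded HMAC-SHA256 of the raw request body."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_webhook(secret: bytes, raw_body: bytes, header_value) -> bool:
    """Constant-time check of the received header against the expected HMAC."""
    if not header_value:
        return False  # missing header: reject, never treat as "unsigned but OK"
    expected = compute_hmac(secret, raw_body).encode("ascii")
    # Compare as bytes so a non-ASCII header cannot raise inside compare_digest.
    return hmac.compare_digest(expected, header_value.strip().encode("utf-8"))


def handle_webhook(environ, secret: bytes = SHARED_SECRET):
    """Hypothetical WSGI-style handler: authenticate first, parse second."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    raw_body = environ["wsgi.input"].read(length)  # exact bytes as received
    header = environ.get("HTTP_X_SHOPIFY_HMAC_SHA256")
    if not verify_webhook(secret, raw_body, header):
        return "401 Unauthorized", None
    return "200 OK", json.loads(raw_body)


def make_environ(body: bytes, signature=None):
    """Build a minimal constructed request environ for the demo."""
    environ = {"CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    if signature is not None:
        environ["HTTP_X_SHOPIFY_HMAC_SHA256"] = signature
    return environ


if __name__ == "__main__":
    good = compute_hmac(SHARED_SECRET, SAMPLE_BODY)
    print(handle_webhook(make_environ(SAMPLE_BODY, good)))
    print(handle_webhook(make_environ(SAMPLE_BODY + b" ", good)))
    print(handle_webhook(make_environ(SAMPLE_BODY)))
```

The HMAC must be computed over the bytes exactly as received; a body that has been parsed and re-serialised by the framework will generally not verify.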
Shopify Partner

Hi

In the mandatory webhook page (https://help.shopify.com/en/api/guides/gdpr-resources#mandatory-webhooks) there is a third GDPR webhook topic called "customers/data_request".

Is this webhook's callback also going to be posted to the same URL I specify in the app's "Mandatory webhooks" settings, the "Customer data ensure endpoint" URL?

In other words, will both the customer/redact and the customers/data_request webhook callbacks be posted to the same URL ("Customer data ensure endpoint") with slightly different payloads (mentioned in the documentation page https://help.shopify.com/en/api/guides/gdpr-resources#mandatory-webhooks)?

Please help!

Thanks in advance!

0 Likes
New Member

Hi

We have an app in Shopify and we have received a mail from Shopify related to mandatory webhooks (customers/redact, shop/redact, customers/data_request) for GDPR. Currently, we store customer email and domain.

Is it required to implement these webhooks for our app? If required, then how do we implement it?

We have created a webhook "shop/redact" on a test store but we get an error response:
```
{"errors":
{
"topic":["Invalid topic specified.
Topics allowed: 
app\/uninstalled,
collections\/create,
collections\/delete,
collections\/update,
products\/create,
products\/delete,
products\/update,
shop\/update,
themes\/create,
themes\/delete,
themes\/publish,
themes\/update"]
}
}
```

Which means that only the above webhooks are allowed on Shopify.

0 Likes
Shopify Staff

> But I'm checking the settings of the app and there is no trace of that `SHARED_SECRET` in the `setup` page.

Check your app section of the partner dashboard

> Is this webhook's callback is also going to be posted on the same URL i specify on the apps "Mandatory webhooks" settings "Customer data ensure endpoint" url?

The ability to set a callback address will be added when the webhook is added

> Is it required to implement these webhooks for our App? If required then how we implement it?
>
> we have created a webhook "shop/redact" on test store but we will get an error response

Read the OP please. And https://ecommerce.shopify.com/c/api-announcements/t/gdpr-receiving-a-customer-redaction-request-5310... has more info.

Developer Experience @ Shopify
0 Likes
New Member

Hi Ryan

Thanks for the quick response.

But in the above link, we do not understand how to implement these webhooks.

Please give me a step-by-step algorithm for how we implement webhooks, with an example, and at which step we put the URL, and what URL, on the Partner Dashboard in the app setting endpoints.
0 Likes
Shopify Partner

Can someone clarify whether, if we receive a shop/redact request, we need to remove all the personally identifiable information from all the shop's customers as well as the shop's personal information?

shop/redact: 48 hours after a shop uninstalls your app, Shopify will send an HTTP POST request for the shop/redact topic. Upon receipt of the webhook, the app must delete all customers’ personal information associated with that shop.

0 Likes
Excursionist

Hi Ryan,

1. When testing the shop/delete webhook on a dev store the redaction request comes in immediately. Is this the intended functionality or an error?

2. According to another thread the cust/redact webhook was not firing as of 8 days ago. Is there an estimated time as to when it will be working so we can start testing?

Thanks!

0 Likes
Excursionist

FYI, I think there was a problem with the shop webhooks firing before today. Mid-day today we got about 20 of them all at once.

0 Likes
New Member

Hey,

So here are a few questions regarding customer/data_request webhooks:

1. In what format does Shopify expect app developers to respond to these webhooks?

2. Should our response be sent back to the merchant's email (even though the customer requested this data)?

0 Likes
New Member

We've been experiencing what David had described too - we've had spikes of shop/redact webhooks coming in big batches on August 23rd, 25th, and 27th (while the rest of the time we're receiving a low stream of webhooks).

In addition, we've also noticed that we're receiving several shop/redact webhooks for a single store (sometimes even 6-7).

Ryan - could you please look into this and let us know what might be happening here?

0 Likes