API returns 303 when calling DELETE against webhook

Solved
Highlighted
New Member
2 0 0

Hello all, I'm getting strange responses when attempting to remove my webhook subscription via the API. Referring to the docs: https://help.shopify.com/en/api/reference/events/webhook

 

DELETE /admin/api/2019-10/webhooks/#{webhook_id}.json

Heres the request:

curl -v -X DELETE -H "Authorization: Basic snippedbase64=" "https://foo.myshopify.com/admin/api/2019-10/webhooks/#723362283595.json"

Response:

< HTTP/1.1 303 See Other
< Date: Tue, 19 Nov 2019 16:11:06 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=snip; expires=Wed, 18-Nov-20 16:11:05 GMT; path=/; domain=.myshopify.com; HttpOnly
< X-Sorting-Hat-PodId: 74
< X-Sorting-Hat-ShopId: 27865022539
< Referrer-Policy: origin-when-cross-origin
< X-Frame-Options: DENY
< X-ShopId: 27865022539
< X-ShardId: 74
< Cache-Control: no-cache, no-store
< Location: https://foo.myshopify.com/admin/auth/login
< Strict-Transport-Security: max-age=7889238
< Set-Cookie: _secure_admin_session_id_csrf=e795dcbdd8589c91970b85b2b940d578; path=/admin; expires=Wed, 19 Feb 2020 16:11:05 -0000; secure; HttpOnly; SameSite=Lax
< X-Request-Id: 531742ca-4659-40d1-bc92-a9f85052ed97
< X-Shopify-Stage: production
< Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src https://cdn.shopify.com https://cdn.shopify.cn https://checkout.shopifycs.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.stripe.com https://mpsnare.iesnare.com https://appcenter.intuit.com https://www.paypal.com https://js.braintreegateway.com https://c.paypal.com https://maps.googleapis.com https://www.google-analytics.com https://v.shopify.com https://widget.intercom.io https://js.intercomcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=error_404&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Ferrors&source%5Bsection%5D=admin&source%5Buuid%5D=531742ca-4659-40d1-bc92-a9f85052ed97
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=error_404&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Ferrors&source%5Bsection%5D=admin&source%5Buuid%5D=531742ca-4659-40d1-bc92-a9f85052ed97
< X-Dc: gcp-us-east1,gcp-us-east1
< NEL: {"report_to":"network-errors","max_age":2592000,"failure_fraction":0.01,"success_fraction":0.0001}
< Report-To: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify"}]}
< set-cookie: request_method=DELETE; path=/
< set-cookie: _secure_admin_session_id=snip; path=/admin; expires=Wed, 19 Feb 2020 16:11:05 -0000; secure; HttpOnly
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 5383754198b4bbfa-LHR
<
* Connection #0 to host foo.myshopify.com left intact
<html><body>You are being <a href="https://foo.myshopify.com/admin/auth/login">redirected</a>.</body></html>

 

What is strange about the request is that it isn't getting the auth layer and few tweaks to the URI isn't returning errors, take:

 

curl -v -X DELETE -H "Authorization: Basic snippedbase64=" "https://foo.myshopify.com/admin/api/2019-10-FOOOOOOOO/webhooksssssssssssssss/#723362283595.json"

 

Thanks

Mark.

 

 

 

 

 

0 Likes

Success.

Shopify Partner
1056 117 170

Remove # in front of the webhook ID, i.e.:

https://foo.myshopify.com/admin/api/2019-10/webhooks/723362283595.json
Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
1 Like
New Member
2 0 0

I can't believe I didn't consider to remove the hash!

All working. Thank you. 

0 Likes