App installed webhook not validating.

garyrgilbert
Excursionist
22 1 3

This question has been asked before but no one from shopify staff or someone who has actually implemented webhook verification has answered so I will ask the question again.

How does one Validate a webhook for an app installed via the webhooks API endpoint?

I followed the example https://shopify.dev/tutorials/manage-webhooks under verifying webhooks.. 

Webhooks created through the API by a Shopify App are verified by calculating a digital signature. Each webhook request includes abase64-encodedX-Shopify-Hmac-SHA256header, which is generated using the app's shared secret along with the data sent in the request.

Pretty simple process really

  1. take your apps shared secret and create a new hmac256..
  2. base64 encode the result and
  3. compare that to the one sent by shopify..

only problem is they don't match!

http post request body:

{"id":3208441659553,"email":"franz@example.com","closed_at":"2021-02-08T07:58:57-05:00","created_at":"2021-02-08T07:09:20-05:00","updated_at":"2021-02-08T07:58:57-05:00","number":2,"note":"","token":"f5b0188dd09236504b62191111de8a2c","gateway":"manual","test":false,"total_price":"50.00","subtotal_price":"50.00","total_weight":0,"total_tax":"0.00","taxes_included":true,"currency":"CHF","financial_status":"paid","confirmed":true,"total_discounts":"0.00","total_line_items_price":"50.00","cart_token":null,"buyer_accepts_marketing":false,"name":"#1002","referring_site":null,"landing_site":null,"cancelled_at":null,"cancel_reason":null,"total_price_usd":"55.61","checkout_token":null,"reference":null,"user_id":68598562977,"location_id":null,"source_identifier":null,"source_url":null,"processed_at":"2021-02-08T07:09:20-05:00","device_id":null,"phone":null,"customer_locale":"de","app_id":1354745,"browser_ip":null,"landing_site_ref":null,"order_number":1002,"discount_applications":[],"discount_codes":[],"note_attributes":[],"payment_gateway_names":["manual"],"processing_method":"manual","checkout_id":null,"source_name":"shopify_draft_order","fulfillment_status":"fulfilled","tax_lines":[],"tags":"","contact_email":"franz@example.com","order_status_url":"https:\/\/devapps-ecommercify.myshopify.com\/52327481505\/orders\/f5b0188dd09236504b62191111de8a2c\/authenticate?key=0941e9a446a1062c89c96c880e7b7aa8","presentment_currency":"CHF","total_line_items_price_set":{"shop_money":{"amount":"50.00","currency_code":"CHF"},"presentment_money":{"amount":"50.00","currency_code":"CHF"}},"total_discounts_set":{"shop_money":{"amount":"0.00","currency_code":"CHF"},"presentment_money":{"amount":"0.00","currency_code":"CHF"}},"total_shipping_price_set":{"shop_money":{"amount":"0.00","currency_code":"CHF"},"presentment_money":{"amount":"0.00","currency_code":"CHF"}},"subtotal_price_set":{"shop_money":{"amount":"50.00","currency_code":"CHF"},"presentment_money":{"amount":"50.00","currency_code":"CHF"}},"total_price_set":{"shop_money":{"amount":"50.00","currency_code":"CHF"},"presentment_money":{"amount":"50.00","currency_code":"CHF"}},"total_tax_set":{"shop_money":{"amount":"0.00","currency_code":"CHF"},"presentment_money":{"amount":"0.00","currency_code":"CHF"}},"line_items":[{"id":6630840008865,"variant_id":null,"title":"Red Sports Tee","quantity":1,"sku":null,"variant_title":null,"vendor":null,"fulfillment_service":"manual","product_id":null,"requires_shipping":true,"taxable":true,"gift_card":false,"name":"Red Sports Tee","variant_inventory_management":null,"properties":[],"product_exists":false,"fulfillable_quantity":0,"grams":0,"price":"50.00","total_discount":"0.00","fulfillment_status":"fulfilled","price_set":{"shop_money":{"amount":"50.00","currency_code":"CHF"},"presentment_money":{"amount":"50.00","currency_code":"CHF"}},"total_discount_set":{"shop_money":{"amount":"0.00","currency_code":"CHF"},"presentment_money":{"amount":"0.00","currency_code":"CHF"}},"discount_allocations":[],"duties":[],"admin_graphql_api_id":"gid:\/\/shopify\/LineItem\/6630840008865","tax_lines":[]}],"fulfillments":[{"id":2964927742113,"order_id":3208441659553,"status":"success","created_at":"2021-02-08T07:58:56-05:00","service":"manual","updated_at":"2021-02-08T07:58:56-05:00","tracking_company":null,"shipment_status":null,"location_id":58724384929,"line_items":[{"id":6630840008865,"variant_id":null,"title":"Red Sports Tee","quantity":1,"sku":null,"variant_title":null,"vendor":null,"fulfillment_service":"manual","product_id":null,"requires_shipping":true,"taxable":true,"gift_card":false,"name":"Red Sports Tee","variant_inventory_management":null,"properties":[],"product_exists":false,"fulfillable_quantity":0,"grams":0,"price":"50.00","total_discount":"0.00","fulfillment_status":"fulfilled","price_set":{"shop_money":{"amount":"50.00","currency_code":"CHF"},"presentment_money":{"amount":"50.00","currency_code":"CHF"}},"total_discount_set":{"shop_money":{"amount":"0.00","currency_code":"CHF"},"presentment_money":{"amount":"0.00","currency_code":"CHF"}},"discount_allocations":[],"duties":[],"admin_graphql_api_id":"gid:\/\/shopify\/LineItem\/6630840008865","tax_lines":[]}],"tracking_number":null,"tracking_numbers":[],"tracking_url":null,"tracking_urls":[],"receipt":{},"name":"#1002.4","admin_graphql_api_id":"gid:\/\/shopify\/Fulfillment\/2964927742113"},{"id":2964921319585,"order_id":3208441659553,"status":"cancelled","created_at":"2021-02-08T07:52:27-05:00","service":"manual","updated_at":"2021-02-08T07:58:16-05:00","tracking_company":null,"shipment_status":null,"location_id":58724384929,"line_items":[{"id":6630840008865,"variant_id":null,"title":"Red Sports Tee","quantity":1,"sku":null,"variant_title":null,"vendor":null,"fulfillment_service":"manual","product_id":null,"requires_shipping":true,"taxable":true,"gift_card":false,"name":"Red Sports Tee","variant_inventory_management":null,"properties":[],"product_exists":false,"fulfillable_quantity":0,"grams":0,"price":"50.00","total_discount":"0.00","fulfillment_status":"fulfilled","price_set":{"shop_money":{"amount":"50.00","currency_code":"CHF"},"presentment_money":{"amount":"50.00","currency_code":"CHF"}},"total_discount_set":{"shop_money":{"amount":"0.00","currency_code":"CHF"},"presentment_money":{"amount":"0.00","currency_code":"CHF"}},"discount_allocations":[],"duties":[],"admin_graphql_api_id":"gid:\/\/shopify\/LineItem\/6630840008865","tax_lines":[]}],"tracking_number":null,"tracking_numbers":[],"tracking_url":null,"tracking_urls":[],"receipt":{},"name":"#1002.3","admin_graphql_api_id":"gid:\/\/shopify\/Fulfillment\/2964921319585"},{"id":2964892188833,"order_id":3208441659553,"status":"cancelled","created_at":"2021-02-08T07:21:50-05:00","service":"manual","updated_at":"2021-02-08T07:22:47-05:00","tracking_company":null,"shipment_status":null,"location_id":58724384929,"line_items":[{"id":6630840008865,"variant_id":null,"title":"Red Sports Tee","quantity":1,"sku":null,"variant_title":null,"vendor":null,"fulfillment_service":"manual","product_id":null,"requires_shipping":true,"taxable":true,"gift_card":false,"name":"Red Sports Tee","variant_inventory_management":null,"properties":[],"product_exists":false,"fulfillable_quantity":0,"grams":0,"price":"50.00","total_discount":"0.00","fulfillment_status":"fulfilled","price_set":{"shop_money":{"amount":"50.00","currency_code":"CHF"},"presentment_money":{"amount":"50.00","currency_code":"CHF"}},"total_discount_set":{"shop_money":{"amount":"0.00","currency_code":"CHF"},"presentment_money":{"amount":"0.00","currency_code":"CHF"}},"discount_allocations":[],"duties":[],"admin_graphql_api_id":"gid:\/\/shopify\/LineItem\/6630840008865","tax_lines":[]}],"tracking_number":null,"tracking_numbers":[],"tracking_url":null,"tracking_urls":[],"receipt":{},"name":"#1002.2","admin_graphql_api_id":"gid:\/\/shopify\/Fulfillment\/2964892188833"},{"id":2964874789025,"order_id":3208441659553,"status":"cancelled","created_at":"2021-02-08T07:10:30-05:00","service":"manual","updated_at":"2021-02-08T07:20:21-05:00","tracking_company":null,"shipment_status":null,"location_id":58724384929,"line_items":[{"id":6630840008865,"variant_id":null,"title":"Red Sports Tee","quantity":1,"sku":null,"variant_title":null,"vendor":null,"fulfillment_service":"manual","product_id":null,"requires_shipping":true,"taxable":true,"gift_card":false,"name":"Red Sports Tee","variant_inventory_management":null,"properties":[],"product_exists":false,"fulfillable_quantity":0,"grams":0,"price":"50.00","total_discount":"0.00","fulfillment_status":"fulfilled","price_set":{"shop_money":{"amount":"50.00","currency_code":"CHF"},"presentment_money":{"amount":"50.00","currency_code":"CHF"}},"total_discount_set":{"shop_money":{"amount":"0.00","currency_code":"CHF"},"presentment_money":{"amount":"0.00","currency_code":"CHF"}},"discount_allocations":[],"duties":[],"admin_graphql_api_id":"gid:\/\/shopify\/LineItem\/6630840008865","tax_lines":[]}],"tracking_number":null,"tracking_numbers":[],"tracking_url":null,"tracking_urls":[],"receipt":{},"name":"#1002.1","admin_graphql_api_id":"gid:\/\/shopify\/Fulfillment\/2964874789025"}],"refunds":[],"total_tip_received":"0.0","original_total_duties_set":null,"current_total_duties_set":null,"admin_graphql_api_id":"gid:\/\/shopify\/Order\/3208441659553","shipping_lines":[],"billing_address":{"first_name":"Franz","address1":"Im Malbun 3","phone":null,"city":"Malbun","zip":"9497","province":null,"country":"Liechtenstein","last_name":"Herbert","address2":null,"company":null,"latitude":47.1037166,"longitude":9.6079898,"name":"Franz Herbert","country_code":"LI","province_code":null},"shipping_address":{"first_name":"Franz","address1":"Im Malbun 3","phone":null,"city":"Malbun","zip":"9497","province":null,"country":"Liechtenstein","last_name":"Herbert","address2":null,"company":null,"latitude":47.1037166,"longitude":9.6079898,"name":"Franz Herbert","country_code":"LI","province_code":null},"customer":{"id":4437506490529,"email":"franz@example.com","accepts_marketing":false,"created_at":"2021-01-06T05:30:51-05:00","updated_at":"2021-02-08T07:09:21-05:00","first_name":"Franz","last_name":"Herbert","orders_count":2,"state":"disabled","total_spent":"100.00","last_order_id":3208441659553,"note":null,"verified_email":true,"multipass_identifier":null,"tax_exempt":false,"phone":null,"tags":"","last_order_name":"#1002","currency":"CHF","accepts_marketing_updated_at":"2021-01-06T05:30:51-05:00","marketing_opt_in_level":null,"admin_graphql_api_id":"gid:\/\/shopify\/Customer\/4437506490529","default_address":{"id":5141281603745,"customer_id":4437506490529,"first_name":"Franz","last_name":"Herbert","company":"","address1":"Im Malbun 3","address2":"","city":"Malbun","province":"","country":"Liechtenstein","zip":"9497","phone":"","name":"Franz Herbert","province_code":null,"country_code":"LI","country_name":"Liechtenstein","default":true}}}

X-Shopify-Hmac-SHA256 = fQK5fMmfXtvaR7nFi4ztzoKSVN2gQHQuiT1x5cFQZoY=

app shared secret = "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"  - I've already changed it.

calculated hmac before encoding = 7D02B97CC99F5EDBDA47B9C58B8CEDCE829254DDA040742E893D71E5C1506686

calculated hmac base64 encoded = N0QwMkI5N0NDOTlGNUVEQkRBNDdCOUM1OEI4Q0VEQ0U4MjkyNTREREEwNDA3NDJFODkzRDcxRTVDMTUwNjY4Ng==

 

Can anyone verify this please?

 

Cheers

 

 

0 Likes