How do I implement a GDPR webhook with the Shopify node app?

Tourist
9 1 0

Hi all, I have used "$ shopify create node" to create my app and added this GDPR endpoint to server.js:

 

  router.post("/webhooks/customers/data_request", async (ctx) => {
    console.log("(test) webook POST request: ", ctx);
    ctx.body = { message: "No customer data is stored" };
    ctx.res.statusCode = 200;
  });

  router.get("(.*)", verifyRequest(), async (ctx) => {
    await handle(ctx.req, ctx.res);
    ctx.respond = false;
    ctx.res.statusCode = 200;
  });
  server.use(router.allowedMethods());
  server.use(router.routes());

 

However, when I make a curl request to my app `curl https://7e9b38f269fa.ngrok.io/gdpr/shop/redact -d {}` I get a "Forbidden HTTP 403" returned.

Is the wildcard forcing "verifyRequest" onto every url route?

I don't collect any user data, all the logic is done client side with no mutations, but I'd like to implement this.

0 Likes