How to pass headers in shopify webhooks API

Solved
Highlighted
New Member
3 0 0

I need to pass username and password for authentication to my destination address which will be hit when the web hook is triggered. how to pass these username and password as headers to destination address?? and also i need the usage of fields in web hook payload and when& where it will be used??
Any solution regarding this issue are welcomed.!
Thanks in advance!

0 Likes
Highlighted
Shopify Staff
Shopify Staff
1041 140 167

Hey @sangeetha_logu,

 

Which credentials are you referring to? Could you store them on the server that's listening for webhooks? If you're just trying to verify the webhook originated from Shopify, here's how you can do that.

 

and also i need the usage of fields in web hook payload and when& where it will be used

By specifying fields, you can reduce the size of the payload. E.g. "when a product is updated, only send me the product title". More info here.

Notice; Out of office, replies will be delayed until my return. Thanks!
1 Like
Excursionist
25 3 5

This is an accepted solution.

As @SBD_ said, the webhook already come with a good way to verify is origin, i got here a little function to you, so you can verify easily, using php.

 

The HMAC ($hmac) comes through this header: "X-Shopify-Hmac-SHA256".

The shared secret ($shared_secret) is yours app secret key.

the $data is the raw input stream ( you could get it through file_get_contents("php://input") for ex.)

 

so this is the function:

 

function hashHMAC($hmac, $data, $shared_secret)
    {
        $hmac = bin2hex(base64_decode($hmac));
        $computed_hmac = hash_hmac('sha256', $data, $shared_secret);

        return hash_equals($hmac, $computed_hmac);
    }

So, if it returns TRUE its from Shopify, otherwise nope.

 

I hope that helps you.

 

 

2 Likes
Highlighted
New Member
3 0 0

Thanks @angeloghiotto.  Can you provide solution without using php. since i am not going to use any controllers.

0 Likes
Highlighted
Excursionist
25 3 5

It is a simple function, it can be used as pure PHP, do not required any architectural pattern or framework.

 

Anyway, you can check out the functions on PHP official web site and "translate" it to your current language if you are not using PHP, and, @SBD_ linked "how to do the verify" that have a Ruby implementation, that also can help you to figure out it in the programming language that you are using.

0 Likes