How to verify that request to AppSubscription.returnUrl is from Shopify?

Highlighted
Shopify Partner
31 2 6

Hello,

What means do Shopify partners have to verify that the request made to the returnUrl on AppSubscription is from Shopify?

There isn't any mention of verifying that the request comes from Shopify in the Bill for your app with the GraphQL Admin API, the documentation around AppSubscription, RecurringApplicationCharge documentation, nor the Charging for your app with the REST Admin API: Implement your billing model.

What's particularly frustrating is that this question has been asked for years from fellow Shopify development partners with no response from Shopify staff. I can understand things not being implemented and holes in the documentation but the silence has been deafening and even a "we're working on it" would make me feel a lot better about at least being heard. It seems as if more and more questions in the Shopify APIs & SDKs forums are left deserted. What should my expectations be as a Shopify partner around SLAs for questions?

Examples of similar questions that have had no response from Shopify staff.

0 Likes
Highlighted
Shopify Partner
593 41 118

By any chance is there an HMAC signature or anything like that passed along in the http request? I know that's present in other mechanisms, such as webhooks and whatnot for validating against. Just a stab in the dark since I am not looped into this scenario...

0 Likes