What means do Shopify partners have to verify that the request made to the returnUrl on AppSubscription is from Shopify?
There isn't any mention of verifying that the request comes from Shopify in the Bill for your app with the GraphQL Admin API, the documentation around AppSubscription, RecurringApplicationCharge documentation, nor the Charging for your app with the REST Admin API: Implement your billing model.
What's particularly frustrating is that this question has been asked for years from fellow Shopify development partners with no response from Shopify staff. I can understand things not being implemented and holes in the documentation but the silence has been deafening and even a "we're working on it" would make me feel a lot better about at least being heard. It seems as if more and more questions in the Shopify APIs & SDKs forums are left deserted. What should my expectations be as a Shopify partner around SLAs for questions?
Examples of similar questions that have had no response from Shopify staff.