Private App Callback Verification

Solved
Dan54
Shopify Partner
13 1 1

I'm attempting to verify the signature on a callback for fetch_stock in a private app. My verification works perfectly on webhooks, but with a callback I can't find any information that tells me how to use generate a value for comparison to the X-SHOPIFY-HMAC-SHA256 header value.

 

Is there any documentation from Shopify detailing how that value is generated?

0 Likes
Dan54
Shopify Partner
13 1 1

Any help on this one? With a webhook, I pass that incoming data file (json) in to generate the hash code to compare against the hmac value sent in the headers. With a GET fetch_stock.json, there is no data to pass in for verification. I've tried using the query parameters but they don't result in the right value for comparison. 

 

I'm developing integration with Shopify on an AS400 using the RPGLE language, so I really need specifications since none of the python, php, or ruby examples help me. They all assume access to libraries to handle everything. I have no libraries and am pushing the hmac/base64 through openssl in whats called qshell on an as400.

 

I'm not going to get past this one without someone telling me how to verify the fetch_stock and fetch_tracking GETS that Shopify sends.

0 Likes
Dan54
Shopify Partner
13 1 1

This is an accepted solution.

For anyone else struggling with this issue, I managed to find the solution.

 

  1. Forum post verify GET request webhooks started me on the right trail. It showed the right values to use as a seed on GET webhooks/callbacks "max_retries=3&shop=xxx.myshopify.com&sku=EP-1000&timestamp=1513632322"
  2. However, there is a difference between the key used for webhooks and the key used for callbacks. On callbacks, you need to use the shared secret assigned to your private app instead of the key assigned to webhooks.
Roselinlin
New Member
5 0 0

hi, Are you looking for a way to grow, And make more Profits from you Shopify Store Business ? If yes, I can help you,

Kindly click on this my Fiverr Gig Link for better discussion, https://www.fiverr.com/share/rxq3mr

0 Likes