I'm attempting to verify the signature on a callback for fetch_stock in a private app. My verification works perfectly on webhooks, but with a callback I can't find any information that tells me how to use generate a value for comparison to the X-SHOPIFY-HMAC-SHA256 header value.
Is there any documentation from Shopify detailing how that value is generated?
Solved! Go to the solution
Any help on this one? With a webhook, I pass that incoming data file (json) in to generate the hash code to compare against the hmac value sent in the headers. With a GET fetch_stock.json, there is no data to pass in for verification. I've tried using the query parameters but they don't result in the right value for comparison.
I'm developing integration with Shopify on an AS400 using the RPGLE language, so I really need specifications since none of the python, php, or ruby examples help me. They all assume access to libraries to handle everything. I have no libraries and am pushing the hmac/base64 through openssl in whats called qshell on an as400.
I'm not going to get past this one without someone telling me how to verify the fetch_stock and fetch_tracking GETS that Shopify sends.
This is an accepted solution.
For anyone else struggling with this issue, I managed to find the solution.
hi, Are you looking for a way to grow, And make more Profits from you Shopify Store Business ? If yes, I can help you,
Kindly click on this my Fiverr Gig Link for better discussion, https://www.fiverr.com/share/rxq3mr