Refund Signature Verification

New Member
2 0 0

I'm attempting to verify the signature of the Order Management refund endpoint. It's important to note that this same exact signature verification method works perfectly for checkout.


We take all of the body fields that start with 'x_' apart from the x_signature, sort them alphabetically generate the hmac and compare it with the provided x_signature.


Here's an example:


1. Received body:

x_account_id: 'yyy',
x_amount: '5.00',
x_reference: yyy,
x_currency: 'USD',
x_gateway_reference: null,
x_test: true,
x_url_callback: 'yyy',
x_shopify_order_id: yyy,
x_transaction_type: 'refund',
x_signature: '01f06a004a2e8d17decf10d1d2f7d759d5efcc5c111359101fdf1b46c187ca55'


2.Message used for signature


3.Our signature



Again, it's generated through the exact same method checkout uses and works as expected. I simply can't figure out what I'm missing. Is it something about the gateway reference being null? This is what shopify sends though.


If we ignore the validation of the request, and move on to sending the response  acknowledgment of the responses is also a 422.


Any help is super appreciated, thank you.

New Member
2 0 0

Oh, and also when testing through the calculator the same code gets generated.