Refund Signature Verification

New Member
2 0 0

I'm attempting to verify the signature of the Order Management refund endpoint. It's important to note that this same exact signature verification method works perfectly for checkout.

 

We take all of the body fields that start with 'x_' apart from the x_signature, sort them alphabetically generate the hmac and compare it with the provided x_signature.

 

Here's an example:

 

1. Received body:

x_account_id: 'yyy',
x_amount: '5.00',
x_reference: yyy,
x_currency: 'USD',
x_gateway_reference: null,
x_test: true,
x_url_callback: 'yyy',
x_shopify_order_id: yyy,
x_transaction_type: 'refund',
x_signature: '01f06a004a2e8d17decf10d1d2f7d759d5efcc5c111359101fdf1b46c187ca55'

 

2.Message used for signature

x_account_idyyyx_amount5.00x_currencyUSDx_gateway_referencenullx_referenceyyyx_shopify_order_idyyyx_testtruex_transaction_typerefundx_url_callbackyyy


3.Our signature

c1f17779c132fdc530bb87f297d72f0ddc7e116a83f93140858b6454a1eb3c3e

 

Again, it's generated through the exact same method checkout uses and works as expected. I simply can't figure out what I'm missing. Is it something about the gateway reference being null? This is what shopify sends though.

 

If we ignore the validation of the request, and move on to sending the response  acknowledgment of the responses is also a 422.

 

Any help is super appreciated, thank you.

0 Likes
Highlighted
New Member
2 0 0

Oh, and also when testing through the calculator the same code gets generated.

0 Likes