Seeking Assistance in Verifying Shopify Webhook

Solved
Highlighted
Tourist
3 1 0

I am seeking assistance in verifying a test shopify webhook for a private app in ASP.NET MVC. When generating/calculating the digital signature hash, it creates a value that conflicts with the expected result. We have tried implementing code from this link here to create the matching values for the verification process. https://community.shopify.com/c/Shopify-APIs-SDKs/How-can-I-create-a-matching-HMAC-value-to-verify-a...

 

Attached below is a trimmed down version of the code we use that goes over all of the relevant parts. If anything seems omitted that might cause such issues, any help to address those would be greatly appreciated. 

 

//begin code

var inputStream = HttpContext.Current.Request.InputStream;
inputStream.Position = 0;
string requestBody = await new StreamReader(inputStream).ReadToEndAsync();
Log.Error("read the request body");
Log.Error(requestBody);
var hmacHeaderValues = Request.Headers.FirstOrDefault(kvp => kvp.Key.Equals("X-Shopify-Hmac-SHA256", StringComparison.OrdinalIgnoreCase)).Value;
if (hmacHeaderValues.Count() < 1)
{
    Log.Error("could not find X-Shopify-Hmac-SHA256");
return false;
}
string hmacHeader = hmacHeaderValues.First();
HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(System.Configuration.ConfigurationManager.AppSettings["AppSecret"]));
 
string hash = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(requestBody)));
 
Log.Error("Generated: " + hash);
Log.Error("Comparing to: " + hmacHeader);
 
if (hash != hmacHeader)
{
    Log.Error("Given and generated hash values did not match");
return false;
}
 
return true;
//end code
0 Likes
Highlighted
Tourist
3 1 0

This is an accepted solution.

Issue was resolved. The wrong token was being used. The right token was under the test webhook. The token that was originally used was the admin shared token in the private apps page. 

0 Likes
Highlighted
New Member
6 0 0

Hi,

I am using nuget package library ShopifySharp that has all the methods covert for Shopify API

ShopifySharp

 

0 Likes
Highlighted
New Member
6 0 0

@Cesi_EG I am having a similar issue, and I suspect I may be using the wrong token as well. Could you describe where you found the correct one in a little more detail?

 

Thanks!

0 Likes
Tourist
3 1 0

It's been a while since I had to look at this particular section of my code but I can certainly try to refresh my memory. If I recall based on my posts, the value I should have been trying to get was noted around the bottom of the page in Settings > Notifications. You should see a section titled Webhooks there. When I used the phrasing "under the webhook" in my solution, I meant under the webhook section on the Shopify admin page > Settings > Notifications as pictured here. The place where the arrow points is where the token you want to get for verification is.  shopify.PNG

 

0 Likes