Shopify Auth Key

Alternatives
New Member
6 0 0

In order to configure our API subscription to shopify order/create webhook, does this API have to be completely open(public) or can we provide an auth key to Shopify so that Shopify would use that key to authenticate/send us the payload when order is created.

We understand that we can validate if the payload was send from Shopify, but that happens after the payload is accepted(on AWS side) and we start the validation of the headers. That still means that our API/endpoint is open to the world and anyone can trigger it (it’s just won’t pass the validation). We wanted to check if we can put that wall one step before the validation and actually not allow anyone without the auth. key(that we’ll provide) to call the endpoint. Please let us know.

0 Likes
mikedasilva
Shopify Staff
Shopify Staff
32 2 2

Hi @Alternatives ,

 

If you're using HTTP webhooks, the only thing you can do is include a "key" in the url that you subscribe to the webhook with and then have logic on your API to filter out requests without that "key" passed in. We don't support using an actual auth key.

Alternatively, if you don't want to spin up a public API, you can use an alternative delivery method. Are you using a cloud provider such as AWS or GCP?

mikedasilva | Developer @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes
Alternatives
New Member
6 0 0

@mikedasilva Thank you for the reply. Good to know. Yes we are using AWS. 

0 Likes
mikedasilva
Shopify Staff
Shopify Staff
32 2 2

Ok, in that case you're better off using our integration with EventBridge. You won't need to validate them either.

See the following for more info

https://shopify.dev/tutorials/manage-webhook-events-with-eventbridge

 

mikedasilva | Developer @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes