URGENT: Issue with recurring plan charge after the store owner access the charge

Highlighted
Shopify Partner
32 0 3

I am able to create a recurring charge (with the required parameters, including the return url) on my app and navigate the store owner to the confirmation url. When the store owner accepts the charge, shopify redirects the store owner back to the return url, but does not add the query string parameters "hmac", "shop", etc in addition to the charge_id on the "redirect_url". Is this a bug? How do I go about validating the redirect request to the return url if the required parameters are not set? Note: My app does not use the embedded SDK. Could some from the shopify staff help regarding this.

Abishek R Srikaanth | Co-Founder @ greenlyst.app
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
Highlighted
Shopify Partner
32 0 3

@Ryan , Would it be possible for you to take a look into this?


 

Abishek R Srikaanth | Co-Founder @ greenlyst.app
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
0 Likes
Highlighted
Excursionist
14 1 3

I've posted a similar question and my solution here but have received no response.

0 Likes
Highlighted
Trailblazer
173 13 28

I ended up doing something similar to @devenbryant which was to map their shop origin to the query string of their initial request when they hit my OAuth and then store this mapping. Then, on the return URL I append the same query string and I write a conditional where if a request contains charge_id (which Shopify will add), I'll remove the charge_id parameter and then re-validate the remaining query string (which will pass, it passed the first time after all), validate that the charge_id has an active subscription, and go from there.

 

Really frustrating though that they don't provide additional guidance as to why they themselves don't include the extra parameters and create this confusion for us. 

0 Likes
Highlighted
Shopify Partner
49 0 11

My solution is to include the shop's name as a URL parameter.

That way in the callback redirection, I can retrieve the `appSubscriptionId` and the `shopName` and persist it accordingly.


You shouldn't have to think about fraud on your Shopify store.
Ask me about
0 Likes