I'm setting up my first App and are working on the billing part of it. I plan to use the RecurrentApplicationCharge option for creating a monthly charge - and that all works.
However, I am not sure how to verify/authenticate the call that Shopify makes to my App (the "return_url") after the user has accepted the App charge. The request made by Shopify to my App contains no hmac parameter nor a X-Shopify-Hmac-Sha256 header.
All other requests made by Shopify to my App contain some form of verification/authentication mechanism.
How do I verify the request made by Shopify to the specified return URL?