I am building my first webhook process and I need help with the verification process please.
I am writing my app in Vapor and Swift (new to that too) - it would be great to see an example in pure Swift (so I can deploy on Linux) or a command line version that I can see.
Can anyone help?
thanks in advance
I've personally never heard of Vapor before today, so I can't speak to specific implementation using server side Swift. It may be beneficial posting in a Vapor specific board if one exists on Stackoverflow, or any other development community.
As for the general steps to verify a webhook, here's what you do.
1. Read the HTTP_X_SHOPIFY_HMAC_SHA256 header value from the webhook.
2. Using your app's shared secret and the webhook payload, generate a sha256 digest.
3. Compare your calculated digest to the HTTP_X_SHOPIFY_HMAC_SHA256 header value.
4. If the two match, the request is legitimate, and originated from Shopify.
There are some code examples in other languages here that may be useful.
|an hour ago|