WebHook verification

New Member

Hi everyone. 

I am building my first webhook process and I need help with the verification process please. 


I am writing my app in Vapor and Swift (new to that too) - it would be great to see an example in pure Swift (so I can deploy on Linux) or a command-line version that I can see.


Can anyone help?


Thanks in advance.





Community Manager

Hey @David_Renwick,


I've personally never heard of Vapor before today, so I can't speak to a specific implementation using server-side Swift. It may be beneficial to post in a Vapor-specific board, if one exists, on Stack Overflow or any other development community.


As for the general steps to verify a webhook, here's what you do.


1. Read the HTTP_X_SHOPIFY_HMAC_SHA256 header value from the webhook.

2. Using your app's shared secret and the webhook payload, generate a sha256 digest.

3. Compare your calculated digest to the HTTP_X_SHOPIFY_HMAC_SHA256 header value.

4. If the two match, the request is legitimate, and originated from Shopify.


There are some code examples in other languages here that may be useful.
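
The four steps above in Swift, as an added example that is not part of the original posts or Shopify's own code. It assumes the swift-crypto package (module `Crypto`, available on Linux) and that the header value is the base64-encoded HMAC-SHA256 of the raw request body; `isValidShopifyWebhook`, the secret and the payload are hypothetical names and constructed sample values.

```swift
// Added example: webhook HMAC verification with swift-crypto (works on Linux and macOS).
// Assumed Package.swift dependency: https://github.com/apple/swift-crypto.git, product "Crypto".
import Foundation
import Crypto

/// Hypothetical helper. `rawBody` must be the request bytes exactly as received,
/// before any JSON decoding; `hmacHeader` is the X-Shopify-Hmac-Sha256 header value
/// (exposed as HTTP_X_SHOPIFY_HMAC_SHA256 in CGI/Rack-style environments).
func isValidShopifyWebhook(rawBody: Data, hmacHeader: String, sharedSecret: String) -> Bool {
    // Step 1: the header carries the MAC base64-encoded; reject anything that does not decode.
    let trimmed = hmacHeader.trimmingCharacters(in: .whitespacesAndNewlines)
    guard let receivedMAC = Data(base64Encoded: trimmed) else {
        return false
    }
    // Steps 2-4: recompute HMAC-SHA256 over the body with the shared secret and compare.
    // isValidAuthenticationCode compares in constant time, unlike `==` on two strings,
    // so response timing does not reveal how many leading bytes matched.
    let key = SymmetricKey(data: Data(sharedSecret.utf8))
    return HMAC<SHA256>.isValidAuthenticationCode(receivedMAC, authenticating: rawBody, using: key)
}

// Constructed sample values, not real credentials or a real payload.
let secret = "example-shared-secret"
let body = Data(#"{"id":1001,"email":"buyer@example.com"}"#.utf8)
let alteredBody = Data(#"{"id":1001,"email":"other@example.com"}"#.utf8)

// Build the header value a legitimate sender would attach to `body`.
let mac = HMAC<SHA256>.authenticationCode(for: body, using: SymmetricKey(data: Data(secret.utf8)))
let header = Data(mac).base64EncodedString()

// The genuine body verifies; a changed body, a wrong secret, or a malformed header does not.
print("genuine body:    ", isValidShopifyWebhook(rawBody: body, hmacHeader: header, sharedSecret: secret))
print("altered body:    ", isValidShopifyWebhook(rawBody: alteredBody, hmacHeader: header, sharedSecret: secret))
print("wrong secret:    ", isValidShopifyWebhook(rawBody: body, hmacHeader: header, sharedSecret: "other-secret"))
print("malformed header:", isValidShopifyWebhook(rawBody: body, hmacHeader: "not base64!", sharedSecret: secret))
```

In a web framework, pass the body bytes as they arrived on the wire; re-serializing decoded JSON can change whitespace or key order and make a genuine request fail verification.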