WebHook verification

New Member
5 0 0

Hi everyone. 

I am building my first webhook process and I need help with the verification process please. 

 

 I am writing my app in Vapor and Swift (new to that too) - it would be great to see an example in pure Swift (so I can deploy on Linux) or a command line version that I can see. 

 

Can anyone help?

 

thanks in advance

 

 

 

 

0 Likes
Highlighted
Community Manager
Community Manager
453 17 45

Hey @David_Renwick,

 

I've personally never heard of Vapor before today, so I can't speak to specific implementation using server side Swift. It may be beneficial posting in a Vapor specific board if one exists on Stackoverflow, or any other development community.

 

As for the general steps to verify a webhook, here's what you do.

 

1. Read the HTTP_X_SHOPIFY_HMAC_SHA256 header value from the webhook.

2. Using your app's shared secret and the webhook payload, generate a sha256 digest.

3. Compare your calculated digest to the HTTP_X_SHOPIFY_HMAC_SHA256 header value.

4. If the two match, the request is legitimate, and originated from Shopify.

 

There are some code examples in other languages here that may be useful.

 

https://help.shopify.com/en/api/getting-started/webhooks#verifying-webhooks

 

Cheers,

0 Likes