We have a plugin with Shopify and create webhooks with customers. One of our customers occasionally sends us order update (fulfillment) requests that exceed our current max request size of 100KB (the Play default). The request content is being truncated, which causes HMAC to fail, which causes us to kick back a 401, which in turn gets us into trouble with Shopify. So we are trying to figure out a good solution.
Is there a cap on the size of requests Shopify could potentially send us so that we could adjust our max request size accordingly? There is no point in us increasing our limit if we still get even bigger requests. Is there a reason a customer might send a 100KB order fulfillment webhook request? Are images or other such data being included? If so, is there a setting we could request our customer change to ensure we don't get the "excess" data? Is there a proper status code we could return that would not get us in trouble with Shopify when such a scenario did occur?
Any advice you could give on this matter would be greatly appreciated.
That would be cool. Unusual but cool nonetheless. User definable Webhook subscriptions. Not holding my breath on something like that but it sure would be nice. Subscriber signs up to the Publisher's offerings and cherry picks what they really want in the sundae.
You can ask for fields on a webhook.. which is pretty mickey mouse, all things considered, but that has nothing to do with the payload you receive. It is merely a decoration on the data returned about a Webhook, not the data the Webhook sends to your endpoint.
Speaking of misunderstanding, what is Play? I thought that was nothing but the Android store for Apps. How is it an endpoint for anything?
It all depends on what was being sent. There's lots of additional data that is sent with a request (all a products variants, images, etc.) that can result in some pretty large API requests. It would all depend on how your clients or their customers are using Shopify. For example you could have a shop acting as a wholesaler and customers making massive orders. Orders with thousands of items could result in some pretty large requests.
Our API currently doesn't support any kind of gzip compression, which could result in some savings because of all the duplication (keys, etc.) if we added it.
If you can figure out what fields you need, you could update your webhook subscriptions to only the fields you need. Also, until you can figure that out, increasing your permitted request payloads is probably the easiest.