GDPR webhooks are not getting triggered by Shopify.

dom-linq
Shopify Partner
34 1 14

Hi, I have been having an issue with this for some time now. I had my webhooks configured properly at one point but ran into an issue of no longer receiving them after creating a new app on the same App URL of an old one that I had removed. This was so I can have the proper app slug and App bridge URL extension names for my app.

I have validated these routes with postman sending a hmac request to my app and they are working as expected but not getting anything from Shopify on any of the GDPR requests. 

Not sure what more I can do to debug this issue, any help is appreciated!

Best,

Dom

Replies 8 (8)

_JB
Shopify Staff
836 100 222

Hey @dom-linq,

Have you confirmed the webhook subscriptions still exist on these shops? If the webhook subscriptions were deleted because we didn't receive a response from your server while you were doing the changeover, they'll need to be re-registered on those shops. If you have any examples of webhook_subscription_ids or shops where a registered webhook isn't firing as expected, please send those along and we can investigate further.

JB | Solutions Engineer @ Shopify 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

dom-linq
Shopify Partner
34 1 14

Thank you for the response! Just to confirm that this is only with GDPR webhooks, other webhooks registered in app work as expected and I don't believe I have access to check if these are registered or not correct? Also this is even for new shops that I create where the webhooks are not registering for GDPR.

I will send over some example shopIds to you in a direct message. 

_JB
Shopify Staff
836 100 222

Hey @dom-linq,

I misread your question originally and didn't realize we're talking about GDPR hooks, my apologies there. I just want to confirm you're aware of the expected delays with these 2 endpoints:

customers/redact If the customer hasn't placed an order in the past six months, then Shopify sends the payload 10 days after their request. Otherwise, the the request will be withheld until 6 months have passed.

shop/redact: 48 hours after a store owner uninstalls your app, Shopify sends you a shop/redact webhook

The customer/data_request webhook will fire right away (if your app has access to customers or orders).

Please confirm you've taken these delays into account, and I will proceed with testing.

 

JB | Solutions Engineer @ Shopify 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

dom-linq
Shopify Partner
34 1 14

Yes I am aware of these delays. My app only requires the shop/redact hook to be called but have routes for data/request and customers/redact as well. I have tested for all of them except the customers/redact with no success.

Thank you for looking into this further.

Visely-Team
Shopify Partner
1843 210 488

@Claire222 for webhooks you create using Webhook REST API you should use your app secret. For webhooks created through Admin area you should use  the secrete you see in the Admin are. These webhooks are completely separate entities. You can get the webhooks registered through Admin in the list of webhooks if you do a GET to the Webhooks REST API.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
Claire222
Shopify Partner
161 0 1

Thanks @Visely-Team , this is super helpful. I wish Shopify would add this info to their help docs!

banned
dom-linq
Shopify Partner
34 1 14

Thanks to the help of @_JB  I was able to get this resolved. My server uses Nginx and I was having an issue with the TLS version that was being used. Webhooks sent for GDPR from Shopify use TLSv1.2 to send their requests. Therefore you need to ensure you support this and in my case I only had TLSv1.3.

To find if you have a similar problem run the following to your webhook endpoint and if you see this result it is most likely related to the TLS configuration -

~ curl https://${YOUR_APP_URL}/webhooks/shop/redact --verbose --data {}
*   Trying ********...
* TCP_NODELAY set
* Connected to ${YOUR_APP_URL} (********) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS alert, protocol version (582):
* error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
* Closing connection 0
curl: (35) error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version

In my nginx server config I set this with the following -

server {
ssl_protocols TLSv1.2 TLSv1.3;
}

Then reload Nginx and you should see this resolved.

geraldnelson
Shopify Partner
1 0 0

May I ask you what POST params send by shopify Payload Request for customers/redact 

Because if we have lot of orders we cannot remove all of the orders. Can you be precisely mention what params that we can get form the Payload in order to give the correct information. 

 

If the App is custom app and don't have customer creation just have products sync to a another channel how these hooks will be design. I would like to know....please advise. 

 

The information of your guides are very narrow....this is one of the reason thousands of question on one topic. Can you make it up to the point and precise. 

 

Writing docs like essays and books doesn't give clear explanation. back in the old days we do this. but now everything time is very important. Can you work around this please