GDPR requirements/Webhook testing

Highlighted
Tourist
8 0 3

Hi-

 

I am in the final stages of building my embedded app with Node, Koa and React.  I am trying to configure the required webhooks for app submission.

 

I've gleaned from other threads that there's no preconfigured way to test these webhooks through the shopify admin.  I'm wondering - are there any workarounds that people have found for testing these endpoints?  How do the shopify administrators test these endpoints when an app is in review?  Without the ability to test these endpoints, how can I possibly know if these endpoints I've configured will function properly when it is under review or in production?

0 Likes
Highlighted
Shopify Partner
1444 172 264

You can test customer redaction as well as data request on your development store by creating a test Customer and then within the Shopify Admin, find that customer, open the details and on the right-hand side you should see two buttons View customer data and Erase customer data. To test the Shop redaction webhook you can just uninstall the app on your development store and you should get that webhook fired.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
0 Likes
Highlighted
Tourist
8 0 3

Thanks for the quick reply!

 

Doesn't the shop redaction webhook take two days?  Do i have to wait two days every time i want to test the webhook?

0 Likes
Highlighted
Excursionist
30 0 5

Hi

 

I had the same problem - beyond unit testing my approach was to disable the HMAC validation on the endpoint and send example hooks. Obviously i re-enabled after the test

 

Its not perfect but I wanted to integration test the persistence layer

0 Likes
Highlighted
Shopify Partner
1444 172 264

That is an option, however, it is more of a higher level Unit Test than a full integration test, as you mock the payload Shopify is sending over.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
0 Likes
Highlighted
New Member
4 0 0

So is there a way to test GDPR webhooks via Shopify? Is there no way to send a notification request to test? Seems really silly that Shopify forces GDPR webhooks but doesn't provide testing capability.

0 Likes
Highlighted
Shopify Partner
1444 172 264

@CorkLabs look at my reply a couple of posts back. You can definitely test customer redaction and data request through Shopify Admin, by creating a Customer. Shop redaction is a little bit more involved as you'll have to wait for 2 days to get that webhook fired, but it works even for development store.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
0 Likes
Highlighted
Shopify Partner
1444 172 264

On the side note, these three webhooks are no different than any other webhook, and there are examples of payloads you should expect to receive, really don't see an issue here.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
0 Likes
Highlighted
New Member
4 0 0

Thank you. We keep getting `401 Unauthorized` errors and perhaps I have an incorrect understanding of how Shopify webhooks verifications work?

 

The Shopify website says:

Each webhook request includes a base64-encoded X-Shopify-Hmac-SHA256 header, which is generated using the app's shared secret along with the data sent in the request. 

but then it says...

Webhooks created through the Shopify admin are verified using the secret displayed in the Webhooks section of the Notifications page.

We use shopify_app webhoooks manager for creating webhooks. What should the secret be (see screenshots below)?

  • The number in Settings > Notifications > Webhooks section
  • The API key for our Shopify app
  • The API secret key for our Shopify app

2020-02-13_1413.pngscreenshot.jpg

0 Likes
Highlighted
Excursionist
30 0 5

Hi Corky

 

I decided to write up my method as a blog post this evening -

 

https://www.glenware.com/testing-shopify-gdpr-hooks/

 

You basically create an hmac for your GDPR message using your store key, and send post requests from a REST client

 

Let me know how you get on

 

Thanks

0 Likes