I am in the final stages of building my embedded app with Node, Koa and React. I am trying to configure the required webhooks for app submission.
I've gleaned from other threads that there's no preconfigured way to test these webhooks through the shopify admin. I'm wondering - are there any workarounds that people have found for testing these endpoints? How do the shopify administrators test these endpoints when an app is in review? Without the ability to test these endpoints, how can I possibly know if these endpoints I've configured will function properly when it is under review or in production?
You can test customer redaction as well as data request on your development store by creating a test Customer and then within the Shopify Admin, find that customer, open the details and on the right-hand side you should see two buttons View customer data and Erase customer data. To test the Shop redaction webhook you can just uninstall the app on your development store and you should get that webhook fired.
That is an option, however, it is more of a higher level Unit Test than a full integration test, as you mock the payload Shopify is sending over.
So is there a way to test GDPR webhooks via Shopify? Is there no way to send a notification request to test? Seems really silly that Shopify forces GDPR webhooks but doesn't provide testing capability.
@Claire222 look at my reply a couple of posts back. You can definitely test customer redaction and data request through Shopify Admin, by creating a Customer. Shop redaction is a little bit more involved as you'll have to wait for 2 days to get that webhook fired, but it works even for development store.
On the side note, these three webhooks are no different than any other webhook, and there are examples of payloads you should expect to receive, really don't see an issue here.
Thank you. We keep getting `401 Unauthorized` errors and perhaps I have an incorrect understanding of how Shopify webhooks verifications work?
The Shopify website says:
Each webhook request includes a base64-encoded X-Shopify-Hmac-SHA256 header, which is generated using the app's shared secret along with the data sent in the request.
but then it says...
Webhooks created through the Shopify admin are verified using the secret displayed in the Webhooks section of the Notifications page.
We use shopify_app webhoooks manager for creating webhooks. What should the secret be (see screenshots below)?
I decided to write up my method as a blog post this evening -
You basically create an hmac for your GDPR message using your store key, and send post requests from a REST client
Let me know how you get on