HMAC validation failed for bulk actions


Hi, 

 

I'm having trouble validating requests that are made with bulk actions on the products page. I'm selecting products and then want to process those products with my app, but I can't create the correct HMAC to validate the request. We are using PHP on the backend, and I'm seeing requests like this:

 

array:5 [
  "hmac" => "4faf029504cf62861d26c99972954377053d880b143f58372e6cde07fd1dd829"
  "ids" => array:2 [
    0 => "1918955028546"
    1 => "1892046635074"
  ]
  "locale" => "en-FI"
  "shop" => "local-development.myshopify.com"
  "timestamp" => "1570019928"
]

The problem is, I don't know how that array of ids should be treated so that I can calculate a matching HMAC.

I've tried:

  • ids=[1918955028546, 1892046635074] ...
  • ids=["1918955028546", "1892046635074"] ...
  • ids[]=1918955028546&ids[]=1892046635074 ...
  • ids=1918955028546,1892046635074 ...
  • And anything else I can think of

What is the correct format to pass array values into hash calculation?

 

This is the validation code we are using:

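// hash_equals() compares in constant time, unlike ===, so the check does not leak how many leading characters matched
return hash_equals(hash_hmac('sha256', urldecode(http_build_query($request_params_without_hmac)), $apisecret), $hmac_from_request);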

 

HMAC calculation works just fine when there are no arrays in request data. Opening the app from apps list validates just fine.

0 Likes
New Member
2 0 0

Is anyone else having this problem when accessing your apps from a bulk action without a previously opened session? Mine always fails when calculating the hash that should include IDs as a list. If a session already exists and I try to access my app from the orders bulk action, everything is just fine and the hash gets validated when I build the IDs array like this:

$verify['ids'] = is_array($value) ? '["' . implode('", "', $value) . '"]' : $value;
0 Likes
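
A self-contained verifier built around the array format from the second post, as an added example that is not code from either poster or from Shopify. The function names, the secret and the sample request are constructed; it assumes the signed string is the remaining parameters sorted by key and joined as key=value pairs with `&`, without URL encoding.

```php
<?php
// Added example: the secret and the request below are constructed for illustration.

/** Build the string to sign: hmac removed, keys sorted, arrays rendered as ["a", "b"]. */
function build_signed_message(array $params): string
{
    unset($params['hmac']);
    ksort($params, SORT_STRING); // assumption: parameters are signed in key order
    $pairs = [];
    foreach ($params as $key => $value) {
        if (is_array($value)) {
            // Array format reported as validating in the second post
            $value = '["' . implode('", "', $value) . '"]';
        }
        $pairs[] = $key . '=' . $value;
    }
    return implode('&', $pairs);
}

/** Return true only if the request carries an hmac matching its other parameters. */
function verify_request(array $params, string $secret): bool
{
    $received = $params['hmac'] ?? null;
    if (!is_string($received) || $received === '') {
        return false; // missing, empty or array-valued hmac is rejected outright
    }
    $expected = hash_hmac('sha256', build_signed_message($params), $secret);
    return hash_equals($expected, $received); // constant-time comparison
}

$secret = 'constructed-test-secret';
$request = [
    'ids'       => ['1918955028546', '1892046635074'],
    'locale'    => 'en-FI',
    'shop'      => 'local-development.myshopify.com',
    'timestamp' => '1570019928',
];
// Sign the constructed request the same way, so the round trip can be checked offline.
$request['hmac'] = hash_hmac('sha256', build_signed_message($request), $secret);

$tampered = $request;
$tampered['ids'][] = '1'; // an extra id changes the signed string

var_dump(build_signed_message($request));
var_dump(verify_request($request, $secret));
var_dump(verify_request($tampered, $secret));
```

Because the ids are part of the signed string, adding, removing or reordering an id after signing makes verification fail.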