I'm having trouble validating my requests that are made with bulk actions at products page. I'm selecting products and then want to process those products with my app, but I can't create the correct HMAC for request to validate. We are using PHP at the backend, and I'm seeing requests like this:
array:5 [▼ "hmac" => "4faf029504cf62861d26c99972954377053d880b143f58372e6cde07fd1dd829" "ids" => array:2 [▼ 0 => "1918955028546" 1 => "1892046635074" ] "locale" => "en-FI" "shop" => "local-development.myshopify.com" "timestamp" => "1570019928"]
Problem is, I don't know how that array of ids should be treated for me being able to calculate matching HMAC.
What is the correct format to pass array values into hash calculation?
This is the validation code we are using:
return $hmac_from_request === hash_hmac('sha256', urldecode(http_build_query($request_params_without_hmac)), $apisecret);
HMAC calculation works just fine when there are no arrays in request data. Opening the app from apps list validates just fine.
Anyone else having this problem when accessing your apps from bulk action without previously opened session? Mine is always failing with calculating the hash that should include IDs as a list. If session already exists and I try to access my app from orders bulk action, everything is just fine and the hash gets validated when I build the IDs array like this:
$verify['ids'] = is_array($value) ? '["' . implode('", "', $value) . '"]' : $value;