FROM CACHE - en_header
Promotion image
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

We're moving the community! Starting July 7, the current community will be read-only for approx. 2 weeks. You can browse content, but posting will be temporarily unavailable. Learn more

App development HMAC verification

App development HMAC verification

arkadi-kreichma
Visitor
1 0 0
‎09-25-2023 03:16 PM

Hello.

Do we need to verify the HMAC during the initial app redirect (installation phase)? If yes, which fields in the initial payload are involved? Also, should we validate the HMAC signature when we receive the OAuth2 request with the authorization code? And, which secret should we use for signing the payload? 

Thank you.


Labels:
3,898 Views
0 Likes
Report
Reply 1 (1)

SBD_
Shopify Staff
1831 273 423
‎09-25-2023 11:04 PM

Hey @arkadi-kreichma 


Verify the installation request? Yep, here's how.

 

Validate authorization code? Yep, here's how.

Which secret key? The secret key is the `client secret` from the Partner dashboard > Select the app.

 

 

Scott | Developer Advocate @ Shopify 

3,871 Views
0 Likes
Report
Terms of Service Privacy Policy