Received incorrect secret key or hmac

ezdev
Shopify Partner
3 0 1

I have an app in Node.js to provide custom shipping rates using Shopify CarrierService API.  Below is my code to verify the request to check if it is coming from Shopify

 

...
const verifyWebhook = (payload, hmac, apiSecret) => { const message = JSON.stringify(payload); const genHash = crypto .createHmac('sha256', apiSecret || '') .update(message) .digest('base64'); return genHash === hmac; };
const router = express.Router();
router.post('/customshippingrates', async (req, res) => { const hmac = req.header('x-shopify-hmac-sha256'); const storeUrl = req.header('x-shopify-shop-domain'); const payload = req.body; const { store: storeRepo } = repositories; const stores = await storeRepo.find({ where: { apiUrl: ILike(`https://${storeUrl}%`) }, }); let store; for (let i = 0; i < stores.length; i++) { let tmpStore = stores[i]; if (tmpStore.apiSecret && verifyWebhook(payload, hmac, tmpStore.apiSecret)) { store = tmpStore; break; } } ...

 

The verification works for a dummy store I use for development. 

 

But the same code failed the verification for our production store (not sure if it will make any difference, but I am using Advanced Shopify Plan here, unlike the dummy store, which is on the Free plan)

 

I get the secret keys from this page in both stores:

Screen Shot 2023-05-28 at 8.39.38 am.png

It is weird and confusing.

Replies 4 (4)

ShopifyDevSup
Shopify Staff
1412 231 484

Hi @ezdev you might like to reach out to our support team with the x-request-id for the failed response on the production store. Our support can check if the correct scopes are applied or if the logs show any detailed errors. Hope this helps.

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

ezdev
Shopify Partner
3 0 1

hi @ShopifyDevSup , can you please confirm the right channel for the support team?

 

I can see there is "App" support, but this is our custom app that has not been published yet. Hence, I am unable to select an app on the next screen after clicking on "Apps"

Screen Shot 2023-06-03 at 11.39.48 am.png

ShopifyDevSup
Shopify Staff
1412 231 484

Hey @ezdev ,

 

The best solution would be to contact our partner team directly from your Partner Dashboard under 'Support' while logged in. This will then give you the option to communicate via email or chat.

 

Hope that helps! 

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

ezdev
Shopify Partner
3 0 1

In re-testing it, `x-request-id` does not exist in the request header. Not sure if this is expected.

 

But anyway, I will contact Partner Support then. Thanks.