App Proxy is not working - appending the app proxy twice

2 0 0



We've got an app proxy setup which has been working across our development team. We've create a KOA middleware function to check the signature coming from the App Proxy that looks like the following:


async function verifyAppProxy(ctx: any, next: Function): Promise<any> {
    const { query } = ctx.request;
    const { signature } = query;

    delete query.signature;
    const input = Object.keys(query)
        .map((key) => {
            let value = query[key];
            value = Array.isArray(value) ? value : [value];
            return `${key}=${value.join(',')}`;

    const hash = crypto
        .createHmac('sha256', SHOPIFY_API_SECRET_KEY)

    ctx.assert(signature === hash, 403, 'invalid signature');

    return await next();

For one of our developers though it just won't work. Once we started debugging the code, we found that App Proxy is sending the Query String twice.... for instance, the url should look like

but instead it is coming out looking like this

So the signature ends up coming in as an array with two values

signature = [ "mysignature?", "mysignature"] 

 This seems to be an internal fault in App Proxy itself. We've tried to removing and then adding again the App Proxy multiple times yet we still seem to get the same fault.


The only other thing we can think to try is to delete and re-create the application from scratch which he will try tomorrow.


Any ideas?

Replies 2 (2)

2 0 0

BTW, each of our developers has a seperate App but running from the same code base and we've made sure that each of the apps uses a different App Proxy URL.

Shopify Staff
1829 269 407

Hey @kwp-simon 


Can you please link me to an example store exhibiting this behaviour? (reply or dm)

Scott | Developer Advocate @ Shopify