FROM CACHE - en_header

Hmac verification on customers/redact

New Member
1 0 0

Hi All,


Try to implement the GDPR webhook. Have a few questions about how the HMAC is generated etc.


Is the hmac generated from the whole response json? or the headers?

Assuming it is the JSON, is white space been sanitized, \r\n and trailing white space?


If I think of any thing else I will update more, thanks in advanced! 

Reply 1 (1)
Shopify Staff
Shopify Staff
58 7 10


The HMAC is generated based on the body of the webhook. You can refer to these docs for examples of how to verify.



mikedasilva | Developer @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit or the Shopify Web Design and Development Blog