Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
This link contains examples in other languages but not Coldfusion.
https://shopify.dev/tutorials/manage-webhooks#verify-webhook
Hi There,
If you are talking about webhooks created in the admin and not through the API its a matter generating an HMAC containing the message body you get from shopify in the reqest body and comparing that to the header x-shopify-hmac-sha256
example:
<cfset shopifyWebhooksecret = [add your secret here]>
<cfset httpRequestData= getHttpRequestData()>
<cfset httpContent = httpRequestData.content>
<cfset shopifyHmac = httpRequestData.headers["X-Shopify-Hmac-SHA256"]>
<cfset calculated_hmac = HMAC(httpContent, shopifyWebhooksecret ,"HMACSHA256")>
<cfset isValid = calculated_hmac EQ shopifyHmac>
if you are talking about verifying webhooks you added through the webhook api.. I'm trying to find an answer myself still 🙂
Cheers,
Gary
After a very long time, I've figured it out so if anyone else out there is having problems verifying webhooks with coldfusion here is the solution
<cfset httpcontent = getHTTPRequestData().content>
<cfset shopifySecret = [Your Apps Shared Secret / API Secret Key]>
<cfset shopifyhmac = getHttpRequestData().headers["x-shopify-hmac-sha256"]>
<cfset calculatedHmac = binaryEncode(binaryDecode(hmac(httpContent, shopifySecret,"HMACSHA256"),"hex"),"base64")>
<cfif calculatedhmac EQ shopifyhmac>
.... good to go
<cfelse>
.. don't accept
</cfif>