How do you implement "verifying webhooks" in Coldfusion?

Palas
Visitor
1 0 0

This link contains examples in other languages but not Coldfusion.

 

https://shopify.dev/tutorials/manage-webhooks#verify-webhook

 

 

Replies 2 (2)

garyrgilbert
Shopify Partner
388 40 159

Hi There, 

 

If you are talking about webhooks created in the admin and not through the API its a matter generating an HMAC containing the message body you get from shopify in the reqest body and comparing that to the header x-shopify-hmac-sha256

example:

 

<cfset shopifyWebhooksecret = [add your secret here]>
<cfset httpRequestData= getHttpRequestData()>
<cfset httpContent = httpRequestData.content>
<cfset shopifyHmac = httpRequestData.headers["X-Shopify-Hmac-SHA256"]>
<cfset calculated_hmac = HMAC(httpContent, shopifyWebhooksecret ,"HMACSHA256")>
<cfset isValid = calculated_hmac EQ shopifyHmac>

 

 

if you are talking about verifying webhooks you added through the webhook api.. I'm trying to find an answer myself still 🙂

 

Cheers,

 

Gary

- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution

garyrgilbert
Shopify Partner
388 40 159

 

After a very long time, I've figured it out so if anyone else out there is having problems verifying webhooks with coldfusion here is the solution

 

<cfset httpcontent = getHTTPRequestData().content>
<cfset shopifySecret = [Your Apps Shared Secret / API Secret Key]>
<cfset shopifyhmac = getHttpRequestData().headers["x-shopify-hmac-sha256"]>

<cfset calculatedHmac = binaryEncode(binaryDecode(hmac(httpContent, shopifySecret,"HMACSHA256"),"hex"),"base64")>

<cfif calculatedhmac EQ shopifyhmac>
.... good to go
<cfelse>
.. don't accept
</cfif>

 

 

 

 

- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution