Development discussions around Shopify APIs
This link contains examples in other languages but not Coldfusion.
https://shopify.dev/tutorials/manage-webhooks#verify-webhook
Hi There,
If you are talking about webhooks created in the admin and not through the API its a matter generating an HMAC containing the message body you get from shopify in the reqest body and comparing that to the header x-shopify-hmac-sha256
example:
<cfset shopifyWebhooksecret = [add your secret here]>
<cfset httpRequestData= getHttpRequestData()>
<cfset httpContent = httpRequestData.content>
<cfset shopifyHmac = httpRequestData.headers["X-Shopify-Hmac-SHA256"]>
<cfset calculated_hmac = HMAC(httpContent, shopifyWebhooksecret ,"HMACSHA256")>
<cfset isValid = calculated_hmac EQ shopifyHmac>
if you are talking about verifying webhooks you added through the webhook api.. I'm trying to find an answer myself still 🙂
Cheers,
Gary
After a very long time, I've figured it out so if anyone else out there is having problems verifying webhooks with coldfusion here is the solution
<cfset httpcontent = getHTTPRequestData().content>
<cfset shopifySecret = [Your Apps Shared Secret / API Secret Key]>
<cfset shopifyhmac = getHttpRequestData().headers["x-shopify-hmac-sha256"]>
<cfset calculatedHmac = binaryEncode(binaryDecode(hmac(httpContent, shopifySecret,"HMACSHA256"),"hex"),"base64")>
<cfif calculatedhmac EQ shopifyhmac>
.... good to go
<cfelse>
.. don't accept
</cfif>
User | RANK |
---|---|
8 | |
6 | |
5 | |
5 | |
5 |
Learn these 5 things I had to learn the hard way with starting and running my own business
By Kitana Jan 27, 2023Would you love to unleash the unbridled power of the Google Shopping Channel into your sho...
By Gabe Jan 6, 2023How can you turn a hobby into a career? That’s what Emmanuel did while working as a wa...
By Skye Dec 30, 2022