Hi There,
If you are talking about webhooks created in the admin and not through the API its a matter generating an HMAC containing the message body you get from shopify in the reqest body and comparing that to the header x-shopify-hmac-sha256
example:
<cfset shopifyWebhooksecret = [add your secret here]>
<cfset httpRequestData= getHttpRequestData()>
<cfset httpContent = httpRequestData.content>
<cfset shopifyHmac = httpRequestData.headers["X-Shopify-Hmac-SHA256"]>
<cfset calculated_hmac = HMAC(httpContent, shopifyWebhooksecret ,"HMACSHA256")>
<cfset isValid = calculated_hmac EQ shopifyHmac>
if you are talking about verifying webhooks you added through the webhook api.. I'm trying to find an answer myself still 🙂
Cheers,
Gary
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
Shopify Discussion
Partners and Developers