When shopify sends payment request to payment provider, header contains shopify_domain, request_id etc. But nothing as such that can help authenticate the request from shopify. How should it be authenticated?
Solved! Go to the solution
This is an accepted solution.
So, Payments apps must implement MTLS to handle all requests originating from Shopify. Please feel free to check out our documentation here regarding this - thanks!