FROM CACHE - en_header

PHP - HMAC isn't valid on some requests

Will_Perspectiv
Tourist
4 0 1
‎09-17-2020 10:57 AM

PHP - HMAC isn't valid on some requests

Hi everyone, 

I'm having issues with HMAC validation. Sometimes it's valid sometimes it's not.

Some examples where my HMAC is valid are URL's such as DOMAIN/shipping-zone or DOMAIN/settings

However URL's such as the domain root or a query with hmac, timestamp and etc PLUS an additional parameter are not valid?

Am I approaching this incorrectly?

if (!isset($query['timestamp'])) return false;

$seconds_in_a_day = 24 * 60 * 60;
$older_than_a_day = $query['timestamp'] < (time() - $seconds_in_a_day);

if ($older_than_a_day) return false;

$shared_secret = $_ENV['SHOPIFY_API_SECRET_KEY'];
$hmac_header = $query['hmac'];
unset($query['hmac']);
$data = urldecode(http_build_query($query));
$calculated_hmac = hash_hmac('sha256', $data, $shared_secret, false);

$verified = hash_equals($hmac_header, $calculated_hmac);

return $verified;

 

144 Views
0 Likes
Report
Reply 1 (1)
Greg_Kujawa
Shopify Partner
1023 84 266
‎09-17-2020 11:48 AM

Re: PHP - HMAC isn't valid on some requests

If you are familiar enough with Ruby, there's a sample routine on one of the Shopify documentation pages --> https://shopify.dev/tutorials/manage-webhooks. Perhaps this could shed some light. 

135 Views
0 Likes
Report

Community Blog Articles

Trevor_0-1658936764652.jpeg

How you can use PayPal to accept payments and pay your Shopify bill

Connect your PayPal account to allow your customers to checkout using the PayPal gateway a...

By shopify staff Ollie Jul 28, 2022
Ollie_0-1655835122068.jpeg

Improving your online store speed

Your online store speed can enhance your store’s discoverability, boost conversion rates a...

By shopify staff Ollie Jun 30, 2022
woman-holding-mobile-phone.jpg

Optimizing Storefront for Mobile Shopping

Shopping is at our fingertips with mobile devices. Is your theme optimized to be user-frie...

By shopify staff Holly Jun 24, 2022
Terms of Service Privacy Policy