FROM CACHE - en_header

Webhook listener validation

a_valenti
Shopify Partner
1 0 0

Hi,
I'm trying to make an app that can listen all webooks received from all shopify's store that have installed this app.
What key I have to use to validate the hmac sent in the headers by shopify?
Should I use the key from shopify partners dashboard (app key) or i should use the key that i found at the bottom of notification page?
If I have to use the last one, how can i do with real user key?

I tried to use both key (app's key and user's notifications key) and it works only with the last one (obviously works with only one key and not with both) 

Someone can help me?

Reply 1 (1)
Visely-Team
Shopify Partner
1843 210 476

Hey there,

You should use the app's credentials (key). How do you create the webhooks? Manually, through Store Front's admin? I assume yes, hence it works with your second key.

You have to create the webhooks using the access token that has been granted to you by Store Front at installation time and admin api - https://help.shopify.com/en/api/reference/events/webhook - if you want them available to your app.

Hope that helps!

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog