FROM CACHE - en_header
Promotion image

How do I authenticate a webhook in PHP?

Solved

How do I authenticate a webhook in PHP?

allanyip
Shopify Partner
6 0 2
‎06-14-2022 09:26 AM

Hi!

 

I created a webhook and subscribed to the topic `create_order` via the Shopify Admin. Hmac validation goes well as I'm getting a "verified" message 🙂

 

Now I would like to expand my webhook code by retrieving data from a Shopify endpoint. However, in order to retrieve data, the webhook must be authenticated. How do I authenticate? I can only find the `authorization code` way to do so, but that means somewhere in the flow a login screen pops up. I know that `client credentials` is not possible as far as I know.

 

I have written the webhook in vanilla PHP, so no framework. 

 

Thanks in advance!

 

Allan

3,199 Views
0 Likes
Report
Accepted Solution (1)

noahsark769
Shopify Partner
6 1 2
‎06-15-2022 07:53 PM

This is an accepted solution.

If I'm understanding correctly, you'll need to make a request to the Shopify API when your server receives the webhook. In order to do this, you'll need to already have generated an API access token - usually this should happen when the user installs the Shopify app. When you've saved that token in your database, you can use it when you receive the valid webhook to call the API. There's some info about how to get these tokens and authenticate here: https://shopify.dev/apps/auth

replo.app helps merchants customize their Shopify storefronts - always feel free to reach out!

View solution in original post

3,163 Views
0 Likes
Report
Replies 2 (2)

noahsark769
Shopify Partner
6 1 2
‎06-15-2022 07:53 PM

This is an accepted solution.

If I'm understanding correctly, you'll need to make a request to the Shopify API when your server receives the webhook. In order to do this, you'll need to already have generated an API access token - usually this should happen when the user installs the Shopify app. When you've saved that token in your database, you can use it when you receive the valid webhook to call the API. There's some info about how to get these tokens and authenticate here: https://shopify.dev/apps/auth

replo.app helps merchants customize their Shopify storefronts - always feel free to reach out!
3,164 Views
0 Likes
Report
In response to noahsark769

allanyip
Shopify Partner
6 0 2
‎06-22-2022 04:08 AM

Thanks for your help Noahsark!

 

Since my webhook code and frontend code do not share the same stack, I've delegated the access token from the frontend to the backend by using Redis. Now I'm able to call the Shopify API, because I have the token there. 

3,148 Views
0 Likes
Report

Community Blog Articles

shopp-e-1741972742895593780274096851.png
Verification requirement deadline fast approaching for Shopify Payments Can...

In Canada, payment processors, like those that provide payment processing services t...

By Jacqui Mar 14, 2025
Shopify_0-1741780029041.png
New learning path from Shopify Academy: How to create a digital marketing s...

Unlock the potential of marketing on your business growth with Shopify Academy's late...

By Shopify Mar 12, 2025
CRO-Community-Promo.jpg
Expert insights on conversion rate optimization (CRO) from Shopify Academy ...

Learn how to increase conversion rates in every stage of the customer journey by enroll...

By Shopify Mar 5, 2025
Terms of Service Privacy Policy