App reviews, troubleshooting, and recommendations
I have registered some webhooks via the REST API accessed using the Admin API access key from the custom developed app. (No partner, no OAuth). Which secret am I supposed to use to generate the webhook SHA256 for validation? I only have Admin API access token and API secret key, no Client Secret as mentioned in the docs.
Both the Admin API access token and API secret key generate different hashes.
I am helpless. Any ideas?
Validate the HMAC from request header.
Hi,
you can try this code.By the way,the code dev with python.
1. the "data" args, is your request body with bytes.
2. the "hmac_header" from your request header with key "x-shopify-hmac-sha256".
import base64
import hashlib
import hmac
def verify_webhook(data, hmac_header):
digest = hmac.new({Use your secret key here}.encode("utf-8"), data, digestmod=hashlib.sha256).digest()
computed_hmac = base64.b64encode(digest)
return hmac.compare_digest(computed_hmac, hmac_header.encode("utf-8"))
Starting a B2B store is a big undertaking that requires careful planning and execution. W...
By JasonH Sep 23, 2024By investing 30 minutes of your time, you can unlock the potential for increased sales,...
By Jacqui Sep 11, 2024We appreciate the diverse ways you participate in and engage with the Shopify Communi...
By JasonH Sep 9, 2024