App reviews, troubleshooting, and recommendations
I have registered some webhooks via the REST API accessed using the Admin API access key from the custom developed app. (No partner, no OAuth). Which secret am I supposed to use to generate the webhook SHA256 for validation? I only have Admin API access token and API secret key, no Client Secret as mentioned in the docs.
Both the Admin API access token and API secret key generate different hashes.
I am helpless. Any ideas?
Validate the HMAC from request header.
Hi,
you can try this code.By the way,the code dev with python.
1. the "data" args, is your request body with bytes.
2. the "hmac_header" from your request header with key "x-shopify-hmac-sha256".
import base64
import hashlib
import hmac
def verify_webhook(data, hmac_header):
digest = hmac.new({Use your secret key here}.encode("utf-8"), data, digestmod=hashlib.sha256).digest()
computed_hmac = base64.b64encode(digest)
return hmac.compare_digest(computed_hmac, hmac_header.encode("utf-8"))
We appreciate the diverse ways you participate in and engage with the Shopify Communi...
By JasonH Sep 9, 2024Thanks to everyone who participated in our AMA with 2H Media: Marketing Your Shopify St...
By Jacqui Sep 6, 2024The Hydrogen Visual Editor is now available to merchants in Shopify Editions | Summer '...
By JasonH Sep 2, 2024