Shopify Discussion

srai · ‎11-07-2021

We are trying to find a way to secure Payments extensions - "Payment URLs" for our Shopify App for these:

Payment session URL
Refund session URL
Capture session URL
Void session URL

These are pointing to internal API endpoints on our end. We need a way to add "x-api-key" header to the requests to secure the calls on our API Gateway from Shopify redirects. How can we do that?

Or do you recommend an alternative way?

srai · ‎11-08-2021

How do you secure the above calls from Shopify? There doesn't seem to be a way to add headers to these calls.

srai · ‎12-15-2021

Use mTLS: https://shopify.dev/apps/payments/general-transaction-requirements#mtls-configuration

Shopify Discussion

Shopify App: Payments extensions - Payment URLs secure with x-api-key header?

Shopify App: Payments extensions - Payment URLs secure with x-api-key header?

Re: Shopify App: Payments extensions - Payment URLs secure with x-api-key header?

Re: Shopify App: Payments extensions - Payment URLs secure with x-api-key header?

Shopify Community

Support

Shopify

Quick Links