Re: Invalid shop parameter at app install

Invalid shop parameter at app install

tikhon
Shopify Partner
15 3 1
I'm a developer of an app in Shopify Store. A few weeks ago my app started to receive strange install requests. Here is an example of a normal request:
 
?hmac=7c2f329739793347f629a43594cfc309088807ea9ab08b07d879b24f1f6c2e7a&host=ZGV3aW5lc3BvdC6teXNob3BpZnkuY29tL2FkbWlu&shop=someshop.myshopify.com&timestamp=1679386092
 
And this is the strange one:

?hmac=7q0Z426403752997x593x53631pto933473703DL0pD84s91n473q75w3X8Y5n5J&host=bGH6nH0LP1UfZh0IZnIec0QcdCgjG68ZB5biNOEf&shop=aoDVFYxDyQ.wYQAmRvqU.CCT&timestamp=8832354441
 
Could anyone advise what type of encoding of the shop and timestamp parameter is it?
I can not find any information about it (https://shopify.dev/docs/apps/auth/oauth/getting-started)
 
Thank you in advance
Replies 3 (3)

Weaverse
Shopify Partner
80 25 35

I think you can use the `sanitizeShop` function from shopify-js-api to prevent this problem. Here is the link to the code: https://github.com/Shopify/shopify-api-js/blob/2e01ac6a383db6f3c9c574571f6b175eaa0ef517/lib/utils/sh...

Helping merchants build super unique, high-performance storefronts using Weaverse + Hydrogen.
Looking for Development & Agency partners.
If you find the answer helpful, give it a thumbs up!
Our App: Theme Customizer for Shopify Hydrogen
Join our Weaverse + Hydrogen community: Weaverse Community
tikhon
Shopify Partner
15 3 1

Thank you. Is this strange shop paramete a kind of fraud? Can't figure out what's the point of it.

Weaverse
Shopify Partner
80 25 35

Well, somehow, I think it might be a test from Shopify to see whether the app is implemented correctly or not 😁

Helping merchants build super unique, high-performance storefronts using Weaverse + Hydrogen.
Looking for Development & Agency partners.
If you find the answer helpful, give it a thumbs up!
Our App: Theme Customizer for Shopify Hydrogen
Join our Weaverse + Hydrogen community: Weaverse Community