Unable to configure GDPR and HMAC verification

Shopify Partner
3 0 1

I have made an app using the JavaScript remix template. I followed all the instructions on the GDPR webhooks as given in the documentation. After which, I deployed my app using fly.io. Now, when I go to submit my app, I am unable to pass the HMAC verification, can someone please help me configure these mandatory webhooks including which files I have to change and what configurations I have to do? I have already tried following many YouTube tutorials and also GitHub discussions of the issue, but nothing seems to do the job.

Replies 2 (2)

576 76 88

Hi @Sam188 ,
This is Theodore from PageFly - Shopify Page Builder App.

ou're having trouble with HMAC verification for Shopify webhooks in your Remix app deployed on Fly.io. Here's a quick guide:

1. Check Secret Key: Ensure you're using the correct secret key from Shopify, not a test key or one from another app.

2. Verify Webhook URL: Make sure the URL configured in Shopify matches the actual URL on Fly.io where your app receives webhooks (consider Fly.io routing).

3. Review Remix Code: Double-check your webhook receiving code (routes/loaders) for logic related to: - Extracting HMAC signature from request headers - Verifying the signature using the secret key against received data

4. Debug and Log: Use console.log or a logging library to capture webhook data and HMAC signature for comparison with Shopify's format.

Best regards,
Theodore | PageFly

Please let me know if it works by giving it a Like or marking it as a solution!

PageFly - #1 Page Builder for Shopify merchants.

All features are available from Free plan. Live Chat Support is available 24/7.

Shopify Partner
22 1 3

Can you show us how do you "Check Secret Key" ? please