NODEJS: Shopify Webhoook Validation without an APP

LORhys
Shopify Partner
4 0 0

Hey guys,

 

I've been trying to verify my Shopify web hooks that I have set up via Shopify -> Settings -> Notifications.

I'm trying to run a webhook once an Order is paid to connect to a fulfillment provider.

 

However, I seem to be stuck with the first task of validating the webhook.

For those who know, I am using Pipedream to validate and test the request but I've had no luck so far.

 

Now for the coding part:

The key I am using to try to calculate the authenticity of the webhook is the one specified below the web hooks in Shopify -> Settings -> Notifications. 

 

 

 

 

 

export default defineComponent({
  async run({ steps, $ }) {
    const hash = steps.trigger.event.headers["x-shopify-hmac-sha256"];
    const body = steps.trigger.event.body


    const hmac = crypto
    .createHmac('sha256', secretKey)
    .update(Buffer.from(JSON.stringify(body)), "utf8", "hex")
    .digest('base64')

    if(hash === hmac) {
      console.log("good");
    } else {
      console.log("bad")
    }

  }

 

 

 

 

 

 

 

I've seen several examples working with rawBody. From what I gather this is the body (that contains body.id = order id beneath it) as a Buffer in node.js

Therefore I have tried to convert the body, which is an object by the time I receive it, to a Sting and then to a buffer.

I tried parsing the String to the update() function, I've tried the body itself, I also played around with the parameters in update and added "utf8", "hex", separately and in combination. 


As I'm unsure whether the key found under the webhooks created in Shopify -> Settings -> Notifications I also tried using a token from a custom app and the secret etc. I just can't seem to find the right settings.


I am using an actual payload from the store to test however I am using one that's about an hour old.

 

Could anyone help me out here?


Thanks in advance!

Rhys

 

 

Reply 1 (1)

J-ROM
Shopify Staff (Retired)
66 6 8

Hi Rhys,

 

Unless these webhooks are related to Subscriptions, I think this question would be better asked in the Shopify API and SDKs forum.

Another developer asked about webhook validation in a NodeJS context that seems very similar to yours. Have you had a look at the Accepted Answer? Hopefully it will help you resolve this problem.

 

Cheers,
J-ROM

To learn more visit the Shopify Help Center or the Community Blog.