Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

API returns 303 when calling DELETE against webhook

Solved

API returns 303 when calling DELETE against webhook

Marko-P
Shopify Partner
2 0 0

Hello all, I'm getting strange responses when attempting to remove my webhook subscription via the API. Referring to the docs: https://help.shopify.com/en/api/reference/events/webhook

 

DELETE /admin/api/2019-10/webhooks/#{webhook_id}.json

Heres the request:

curl -v -X DELETE -H "Authorization: Basic snippedbase64=" "https://foo.myshopify.com/admin/api/2019-10/webhooks/#723362283595.json"

Response:

< HTTP/1.1 303 See Other
< Date: Tue, 19 Nov 2019 16:11:06 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=snip; expires=Wed, 18-Nov-20 16:11:05 GMT; path=/; domain=.myshopify.com; HttpOnly
< X-Sorting-Hat-PodId: 74
< X-Sorting-Hat-ShopId: 27865022539
< Referrer-Policy: origin-when-cross-origin
< X-Frame-Options: DENY
< X-ShopId: 27865022539
< X-ShardId: 74
< Cache-Control: no-cache, no-store
< Location: https://foo.myshopify.com/admin/auth/login
< Strict-Transport-Security: max-age=7889238
< Set-Cookie: _secure_admin_session_id_csrf=e795dcbdd8589c91970b85b2b940d578; path=/admin; expires=Wed, 19 Feb 2020 16:11:05 -0000; secure; HttpOnly; SameSite=Lax
< X-Request-Id: 531742ca-4659-40d1-bc92-a9f85052ed97
< X-Shopify-Stage: production
< Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src https://cdn.shopify.com https://cdn.shopify.cn https://checkout.shopifycs.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.stripe.com https://mpsnare.iesnare.com https://appcenter.intuit.com https://www.paypal.com https://js.braintreegateway.com https://c.paypal.com https://maps.googleapis.com https://www.google-analytics.com https://v.shopify.com https://widget.intercom.io https://js.intercomcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=error_404&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Ferrors&source%5Bsection%5D=admin&source%5Buuid%5D=531742ca-4659-40d1-bc92-a9f85052ed97
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=error_404&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Ferrors&source%5Bsection%5D=admin&source%5Buuid%5D=531742ca-4659-40d1-bc92-a9f85052ed97
< X-Dc: gcp-us-east1,gcp-us-east1
< NEL: {"report_to":"network-errors","max_age":2592000,"failure_fraction":0.01,"success_fraction":0.0001}
< Report-To: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify"}]}
< set-cookie: request_method=DELETE; path=/
< set-cookie: _secure_admin_session_id=snip; path=/admin; expires=Wed, 19 Feb 2020 16:11:05 -0000; secure; HttpOnly
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 5383754198b4bbfa-LHR
<
* Connection #0 to host foo.myshopify.com left intact
<html><body>You are being <a href="https://foo.myshopify.com/admin/auth/login">redirected</a>.</body></html>

 

What is strange about the request is that it isn't getting the auth layer and few tweaks to the URI isn't returning errors, take:

 

curl -v -X DELETE -H "Authorization: Basic snippedbase64=" "https://foo.myshopify.com/admin/api/2019-10-FOOOOOOOO/webhooksssssssssssssss/#723362283595.json"

 

Thanks

Mark.

 

 

 

 

 

Accepted Solution (1)

Visely-Team
Shopify Partner
1843 210 488

This is an accepted solution.

Remove # in front of the webhook ID, i.e.:

https://foo.myshopify.com/admin/api/2019-10/webhooks/723362283595.json
Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog

View solution in original post

Replies 2 (2)

Visely-Team
Shopify Partner
1843 210 488

This is an accepted solution.

Remove # in front of the webhook ID, i.e.:

https://foo.myshopify.com/admin/api/2019-10/webhooks/723362283595.json
Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
Marko-P
Shopify Partner
2 0 0

I can't believe I didn't consider to remove the hash!

All working. Thank you.