Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

App must verify the authenticity of the request from Shopify

App must verify the authenticity of the request from Shopify

todrick
Shopify Partner
4 0 1

I got rejected because of App must verify the authenticity of the request from Shopify.

 

Message: 

Expected HTTP 401 (Unauthorized), but got HTTP 404 from https://enformant.app/webhooks/uninstall. Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest. Learn more about securing mandatory GDPR webhooks

 

..but going to that link does return 401 response. any thoughts??

Replies 2 (2)

cdarne
Shopify Staff
30 5 14

Hey Todrick,

 

Thanks for contacting us. From the situation you explained and after a quick test: the URL you're providing does respond a 401 on GET requests but not on POST request (it responds with a 404)! You'd just need to make the endpoint handle POST requests (all webhooks are sent with that method).

 

I hope this solves your problem!

 

Cheers!

 

Cédric | Developer @ Shopify

To learn more visit the Shopify Help Center or the Community Blog.

hassanharoon86
Shopify Partner
6 0 0

Hi, if you're working in ruby on rails.

You can try including WebhookVerification module from shopify app gem by adding the following line to your webhooks controller:

include ShopifyApp::WebhookVerification


This module has a before action which verifies the requests against the hmac header and returns 401 unauthorized in case request wasn't sent from shopify.