Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
I got rejected because of App must verify the authenticity of the request from Shopify.
Message:
Expected HTTP 401 (Unauthorized), but got HTTP 404 from https://enformant.app/webhooks/uninstall. Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest. Learn more about securing mandatory GDPR webhooks
..but going to that link does return 401 response. any thoughts??
Hey Todrick,
Thanks for contacting us. From the situation you explained and after a quick test: the URL you're providing does respond a 401 on GET requests but not on POST request (it responds with a 404)! You'd just need to make the endpoint handle POST requests (all webhooks are sent with that method).
I hope this solves your problem!
Cheers!
Cédric | Developer @ Shopify
To learn more visit the Shopify Help Center or the Community Blog.
Hi, if you're working in ruby on rails.
You can try including WebhookVerification module from shopify app gem by adding the following line to your webhooks controller:
include ShopifyApp::WebhookVerification
This module has a before action which verifies the requests against the hmac header and returns 401 unauthorized in case request wasn't sent from shopify.