App must verify the authenticity of the request from Shopify

todrick
Shopify Partner
4 0 1

I got rejected because of App must verify the authenticity of the request from Shopify.

 

Message: 

Expected HTTP 401 (Unauthorized), but got HTTP 404 from https://enformant.app/webhooks/uninstall. Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest. Learn more about securing mandatory GDPR webhooks

 

..but going to that link does return 401 response. any thoughts??

Replies 2 (2)

cdarne
Shopify Staff
30 5 14

Hey Todrick,

 

Thanks for contacting us. From the situation you explained and after a quick test: the URL you're providing does respond a 401 on GET requests but not on POST request (it responds with a 404)! You'd just need to make the endpoint handle POST requests (all webhooks are sent with that method).

 

I hope this solves your problem!

 

Cheers!

 

Cédric | Developer @ Shopify

To learn more visit the Shopify Help Center or the Community Blog.

hassanharoon86
Shopify Partner
6 0 0

Hi, if you're working in ruby on rails.

You can try including WebhookVerification module from shopify app gem by adding the following line to your webhooks controller:

include ShopifyApp::WebhookVerification


This module has a before action which verifies the requests against the hmac header and returns 401 unauthorized in case request wasn't sent from shopify.