Solved

App submission failing at, App must verify the authenticity of the request from Shopify.

Anjali-Maru
Tourist
32 0 2

what is the meaning of this I can't understand what, Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest.

Accepted Solution (1)

Gavinator
Shopify Partner
1318 15 124

This is an accepted solution.

It means you are not verifying the HMAC header. See https://shopify.dev/apps/webhooks/configuration/https#verify-a-webhook

 

There are quite a few forum posts that show coding solutions in various programming flavors so a search may yield some tasty nuggets for you.

 

www.bookthatapp.com

View solution in original post

Replies 2 (2)

Gavinator
Shopify Partner
1318 15 124

This is an accepted solution.

It means you are not verifying the HMAC header. See https://shopify.dev/apps/webhooks/configuration/https#verify-a-webhook

 

There are quite a few forum posts that show coding solutions in various programming flavors so a search may yield some tasty nuggets for you.

 

www.bookthatapp.com
Anjali-Maru
Tourist
32 0 2

Hi @Gavinator 

 

I checked the document but where can I try to verify the header? I tried while installing the app but even if I change the secret key, the output is a blank screen.
Webhook I just have to uninstall the app and the shop update. 

 

$hmac_header = $request->has('hmac');
$data = file_get_contents('php://input');
$calculated_hmac = hash_hmac( 'sha256', $data, config('shopify.secret', true));
if ( $hmac_header != $calculated_hmac ) {
    dd("eroor");
}