Automated webhook check failing on HMAC verification - wrong HTTP status code returned

Automated webhook check failing on HMAC verification - wrong HTTP status code returned

YashVegad
Shopify Partner
4 0 0

Hi, I'm looking for help with an error that I receive when running an automated check for common errors on "Implement an HMAC signature to verify webhooks". It says that I'm returning the wrong HTTP status code - HTTP 200 instead of the expected HTTP 401 for an invalid Shopify HMAC header.

I'm also using Remix for this app. I've tried using the Remix template at https://github.com/Shopify/shopify-app-template-remix as a reference, as well as the documentation here https://shopify.dev/docs/api/shopify-app-remix/v2/guide-webhooks which makes use of the "authenticate.webhook(request)" function as documented here https://shopify.dev/docs/api/shopify-app-remix/v2/authenticate/webhook . 


My current webhook.jsx file looks like this:

import { authenticate } from "../shopify.server";
import db from "../db.server";

export const action = async ({ request }) => {
const { topic, shop, session, admin } = await authenticate.webhook(request);

if (!admin) {
// The admin context isn't returned if the webhook fired after a shop was uninstalled.
throw new Response();
}

switch (topic) {
case "APP_UNINSTALLED":
if (session) {
await db.session.deleteMany({ where: { shop } });
}

break;
case "CUSTOMERS_DATA_REQUEST":
break;
case "CUSTOMERS_REDACT":
break;
case "SHOP_REDACT":
break;
default:
throw new Response("Unhandled webhook topic", { status: 404 });
}

throw new Response();
};

 (The code in the documentation is without the "break;" in between each webhook endpoint that you can see in my code, but I've included it to show that I've also tried that, as it was another suggested solution which didn't work for me.) Any help is much appreciated. Thanks!

Replies 0 (0)