Can't create webhooks using Private App API keys.

2 0 0


I'm trying to automate the creation of webhook subscriptions for different stores (and different topics). Our application makes use of private apps API key/password to create and update products. We are now trying to get notifications on order changes using the webhooks API.

I'm making some tests and I'm not able to create a webhook subscription using the API

It always says that the Address for the given topic (orders/create in this case) has already been taken.

I'm instantiating a new session on behalf of a particular shop, using API key and Password for Basic authentication. 

On the other hand, when I create the subscription through the Admin panel, I'm able to create the subscription, but with no luck using the API. We're using Ngrok for receiving HTTPS requests, and when I create the subscription using the Admin panel and send the notification test, I get the request correctly.

Am I missing something? Is it possible to create webhook subscriptions using a private app's API key and password? With the test request, I'm also able to validate the request and all.

Thanks in advance!

Replies 4 (4)

Shopify Partner
595 82 126

you can not create webhook subscriptions using a private app's API key and password.
You can do only operation with only APIs that is listed on ADMIN API PERMISSIONS based on read, write or read/write permission. 
refer attached image


If helpful then please Like and Accept Solution.
Skype: jivan.suhagiya
First kind of Checkout Reminder APP:

2 0 0

I see. I appreciate your help Jivan.

I guess that's why we cannot validate the webhook request using the shared secret created along with the private app's API key and password, right?

We have already decided to create the subscriptions manually using the admin panel and started using the secret shown when you create a new subscription.

Although we receive lots of POST requests that fail to validate the when using either shared secret. Is that a normal behavior?

def valid?(secret, body, hmac) do
  :crypto.hmac(:sha256, shop.api_secret, body)
  |> Base.encode64
  |> String.equivalent?(hmac)

First, we used the shared secret given by the private app but had no luck validating the request. Then switched and started using the one that is shown when the subscription is created and we could validate the requests, the thing is that we suddenly get multiple requests that fail the validation.

Does that sound familiar?

Thanks in advance!

Shopify Partner
61 4 14

You CAN create a webhook using Private API keys.


(Im on ruby on rails using ShopifyAPI gem)

First Connect with from your app to your store:


shop_url =  “https://[APIKEY]:[password]@[SHOPDOMAIN] = shop_url

ShopifyAPI::Base.api_version = '2020-01'


Then Create your Webhook 




New Member
8 0 0

I,m new on shopify and i,m creating a private app for my store using react native. I have no idea how to add notifications in our app. Plz help me how we can add notification for our private app? I,m confused please guide me in this case. Because i didn,t know that shopify provides any api's or prerequisite to add notifications for private apps. Is there option to add OneSignal or firebase push notifications or any shopify api to add notifications. Thanks in advance for help.