FROM CACHE - en_header
Promotion image
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Error Verify Webhooks In Node.js - AWS Lambda

Error Verify Webhooks In Node.js - AWS Lambda

Luis45
New Member
6 0 0
‎02-16-2022 10:34 AM

Hi, I have the following issue:


App must verify the authenticity of the request from Shopify.

Expected HTTP 401 (Unauthorized), but got HTTP 403 from https://******** Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest. Learn more about verifying a webhook
 
 
the code i am using is:

 

 

var CryptoJS = require("crypto-js");

exports.handler = async (event) => {

    const { webhook_verify_hash } = process.env;
//get the header with validation hash from webhook
    const hmac = event.headers ? 
        event.headers['X-Shopify-Hmac-Sha256'] || event.headers['x-shopify-hmac-sha256']
        : "";
        
    
    var statusCode = 400;
    
    let firma = CryptoJS.HmacSHA256(event.body, "shpss_*******");
    let calculatedHmac = firma.toString(CryptoJS.enc.hex);

    if (hmac == calculatedHmac) {
        console.log("se va a obtener el token");
        statusCode = 200
    } else {
         console.log("no obtiene el token");
         statusCode = 400
    }

    const response = {
        statusCode: statusCode
    };
    return response;
};

 

 

* How can I test the mandatory webhooks and verify the response that I receive?

Labels:
1,508 Views
0 Likes
Report
Replies 3 (3)

Luis45
New Member
6 0 0
‎02-16-2022 06:06 PM

to verify Hmac also used: 

 

exports.handler = async (event, context) => {
    let hmac = event.hmac;
   
    const bodyString2 = Buffer.from(event.body, "utf8").toString();
    var bodyForVerification = bodyString2.replace('/\\/g', '\\\\');

    let firma3 = CryptoJS.HmacSHA256(bodyForVerification, "****");
    var hashInBase643 = CryptoJS.enc.Base64.stringify(firma3);
    let calculatedHmacBase3 = hashInBase643.toString(CryptoJS.enc.hex);
    if(hmac == calculatedHmacBase3 {
    console.log("verificado");    
}
};

 but still the Hmac is different, HELP!!!

1,423 Views
0 Likes
Report
In response to Luis45

cdarne
Shopify Staff
30 5 14
‎02-16-2022 06:26 PM

Hey Luis45,

 

The problem could come several origins:

- the request body should not be changed

- the request body must be read using the utf8 encoding

- when you create the HMAC signature, the result must then be encoded in base64

 

I'm not a node.js specialist, but a common pattern I see in node app checking webhook is using the 'crypto' package like this:

const generatedHash = crypto.createHmac('sha256', API_SECRET_KEY)
    .update(reqBody, 'utf8')
    .digest('base64');

Also if you don't know it already, there's a npm package for shopify api and related code: https://github.com/Shopify/shopify-node-api.

There are event helpers to help deal with webhooks: https://github.com/Shopify/shopify-node-api/blob/main/docs/usage/webhooks.md#webhook-processing

 

I hope this helps you!

 

Cheers,

 

Cedric | Developer @ Shopify

To learn more visit the Shopify Help Center or the Community Blog.

1,417 Views
0 Likes
Report
In response to cdarne

Luis45
New Member
6 0 0
‎02-16-2022 10:18 PM

Hi  @cdarne ,  I'm using  the 'crypto-js' package and this  doesn't have the func "createHmac".  Search the module "'crypto" but I did not find it.  I need the module to upload it to the aws lambda

1,297 Views
0 Likes
Report
Terms of Service Privacy Policy