It looks like the GDPR webhooks do not include the "x-shopify-hmac-sha256" headers, so how can we be sure the request is safe to be executed? only by knowing the shop_id, anyone can send a "shop/redact" to an known endpoint to delete the shop data...
I am getting `X-Shopify-Hmac-SHA256` header blank before creating charge after auth/callback.
Can you please share the proper sample code or Any link?
I am stuck on this since hours 🙂