Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
I'm trying to implement the HMAC validation for calls to my mandatory webhooks. However I'm finding that I'm just not getting the HMAC header in the request. Has anyone else had this problem?
Hello,
do you mean that you cannot find X-Shopify-Hmac-SHA256 in the response (not the request) headers?
If that's the case, I could investigate your case further. Could you please DM the date of your test, the topic, and store involved?
Thanks
To learn more visit the Shopify Help Center or the Community Blog.
Hello again and thanks for your patience,
I've been trying to reproduce your issue.
The HMAC header leaves our servers in my tests, but I've observed that our software does some transformation to these that might be not reverted on your side.
(Due to the special nature of mandatory webhooks, they use a different path and this only applies to them)
If X-Shopify-Hmac-SHA256 is not present, would you mind trying if you receive HTTP_X_SHOPIFY_HMAC_SHA256 (all capitals and underscored) ?
Thanks!
To learn more visit the Shopify Help Center or the Community Blog.
Hello ,
I am getting `X-Shopify-Hmac-SHA256` header blank before creating charge after auth/callback. I am using node js
Can you please share the proper sample code or Any link?
I am stuck on this since hours 🙂
Thanks
Girish | Shopify Expert
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- My Shopify Apps: App Store | Looking for a solution to a problem in your store? Send me an email
Hi,
I'm sorry but I really have no idea why it suddenly started working. All I would say is to just double check that you've typed the header name correctly. The line in my C# code which gets the header is:
var headerValues = Request.Headers.GetValues("X-Shopify-Hmac-Sha256");
Jacqui