Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
I have a nodejs app that gets order callbacks from our shopify store. It is working fine, but I've gotten several errors today from orders that come in and the signature (result from req.get('X-Shopify-Hmac-Sha256'); ) is "undefined".
Why would this be? What is this source of this POST request? Here's a code snippet.
// We'll compare the hmac to our own hash
hmac = req.get('X-Shopify-Hmac-Sha256');
console.log(`signature from order post: ${hmac}`);
// Use raw-body to get the body (buffer)
const body = JSON.stringify(req.body);
if(SENDJSON===true){
sendOrderEmail(body);
}
// Create a hash using the body and our key
hash = crypto
.createHmac('sha256', SHOPSECRET)
.update(req.rawbody, 'utf8', 'hex')
.digest('base64');
The log is showing this:
signature from order post: undefined
where it would normally show the actual signature.
Anybody ever see this in their apps? Clearly I'm getting posts that are unsigned, would would indicate some sort of bad actor doing bad things! Any recommendations on what action I might want to take here?
Even i am facing the same issue. Did you found any solution?
Girish | Shopify Expert
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- My Shopify Apps: App Store | Looking for a solution to a problem in your store? Send me an email