HMAC signature is undefined

HMAC signature is undefined

1 0 0

I have a nodejs app that gets order callbacks from our shopify store. It is working fine, but I've gotten several errors today from orders that come in and the signature (result from req.get('X-Shopify-Hmac-Sha256'); ) is "undefined".

Why would this be? What is this source of this POST request? Here's a code snippet.


// We'll compare the hmac to our own hash
    hmac = req.get('X-Shopify-Hmac-Sha256');
    console.log(`signature from order post: ${hmac}`);
    // Use raw-body to get the body (buffer)
    const body = JSON.stringify(req.body);
    // Create a hash using the body and our key
    hash = crypto
      .createHmac('sha256', SHOPSECRET)
      .update(req.rawbody, 'utf8', 'hex')


The log is showing this:

signature from order post: undefined


where it would normally show the actual signature. 
Anybody ever see this in their apps? Clearly I'm getting posts that are unsigned, would would indicate some sort of bad actor doing bad things! Any recommendations on what action I might want to take here? 

Reply 1 (1)

Shopify Partner
82 3 8

Even i am facing the same issue. Did you found any solution?

Girish | Shopify Expert  
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - My Shopify Apps: App Store | Looking for a solution to a problem in your store? Send me an email