We are implementing the GDPR webhook endpoints in our app and are wondering exactly how to respond to the "customers/data_request" webhook. From the documentation, the request payload looks like this:
{
  "shop_id": 954889,
  "shop_domain": "{shop}.myshopify.com",
  "orders_requested": [299938, 280263, 220458],
  "customer": {
    "id": 191167,
    "email": "john@example.com",
    "phone": "555-625-1199"
  },
  "data_request": {
    "id": 9999
  }
}
Would our webhook respond with full order data (including "shipping_address", "billing_address", "customer", etc. fields) for the three orders referenced under "orders_requested"?
{
  "orders": [
    {
      // Full Shopify order data here for order 299938
    },
    {
      // Full Shopify order data here for order 280263
    },
    {
      // Full Shopify order data here for order 220458
    }
  ]
}
Or, would the webhook extract just the "customer" field (object) and return that for each referenced order?
{
  "orders": [
    {
      "id": 299938,
      "customer": {
        "id": 6380400443630,
        "email": "customer@example.com",
        "accepts_marketing": false,
        "created_at": "2023-03-22T09:57:02-07:00",
        "updated_at": "2023-03-22T09:57:02-07:00",
        "first_name": "Example",
        "last_name": "Customer",
        "orders_count": 13,
        "state": "disabled",
        "total_spent": "13.00",
        "last_order_id": 5077155873006,
        "note": null,
        "verified_email": true,
        "multipass_identifier": null,
        "tax_exempt": false,
        "tags": "",
        "last_order_name": "#1013",
        "currency": "USD",
        "phone": null,
        "accepts_marketing_updated_at": "2023-03-22T09:57:02-07:00",
        "marketing_opt_in_level": null,
        "tax_exemptions": [],
        "email_marketing_consent": {
          "state": "not_subscribed",
          "opt_in_level": "single_opt_in",
          "consent_updated_at": null
        },
        "sms_marketing_consent": null,
        "admin_graphql_api_id": "gid://shopify/Customer/6380400443630",
        "default_address": {
          "id": 7954574639342,
          "customer_id": 6380400443630,
          "first_name": "Example",
          "last_name": "Customer",
          "company": "",
          "address1": "",
          "address2": "",
          "city": "",
          "province": "Alabama",
          "country": "United States",
          "zip": "",
          "phone": "",
          "name": "Example Customer",
          "province_code": "AL",
          "country_code": "US",
          "country_name": "United States",
          "default": true
        }
      }
    },
    {
      "id": 280263,
      "customer": {
        // etc
      }
    },
    {
      "id": 220458,
      "customer": {
        // etc
      }
    }
  ]
}
I think just a 200 is ok with an empty body. It means you have received the webhook and you have processed it from your side.
This is how we have it now in a 1-year-old custom .NET implementation.
Question:
But I wanted to ask you, Chad: how did you set up your GDPR webhooks in your Node.js/React project and panel?
Because we have been trying for like 2 weeks now without any success.
Panel side: the GDPR webhook URLs are what?
- api/webhooks? the callback url in gdpr.js?
- webhooks/your-custom-url?
- /your-custom-url?
Node.js/React project: GDPR webhooks come in at gdpr.js, but I can't seem to get them registered.
So we tried having them in public URLs -> no success.
We also tried having them in API "protected" URLs -> no success.
Also, while making these changes, we changed the admin panel settings above to change the URLs.
Any ideas or how did you do it?
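
Added example, not part of the thread and not Shopify's own code: a Node.js handler that follows the reply's approach of acknowledging "customers/data_request" with a 200 and an empty body, after first checking the webhook signature. The function names and the secret are hypothetical; the X-Shopify-Hmac-Sha256 and X-Shopify-Topic headers are Shopify's standard webhook headers, which the thread itself does not mention.

```javascript
const crypto = require('crypto');

// The three mandatory compliance topics, delivered in the X-Shopify-Topic header.
const COMPLIANCE_TOPICS = new Set(['customers/data_request', 'customers/redact', 'shop/redact']);

// Shopify signs the raw body: base64(HMAC-SHA256(rawBody, app secret)).
function verifyShopifyHmac(rawBody, hmacHeader, secret) {
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(String(hmacHeader || ''), 'base64');
  // Length check first: timingSafeEqual throws on buffers of unequal length.
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}

// Hypothetical framework-neutral handler. `headers` uses lower-case names (as Node's
// http module provides them); `rawBody` is the unparsed request body as a Buffer.
function handleComplianceWebhook({ headers, rawBody }, secret) {
  if (!verifyShopifyHmac(rawBody, headers['x-shopify-hmac-sha256'], secret)) {
    return { status: 401, body: '', job: null }; // unsigned or tampered request
  }
  const topic = headers['x-shopify-topic'];
  let payload = null;
  try { payload = JSON.parse(rawBody.toString('utf8')); } catch (err) { /* rejected below */ }
  if (!COMPLIANCE_TOPICS.has(topic) || payload === null || typeof payload !== 'object') {
    return { status: 400, body: '', job: null };
  }
  // Acknowledge with an empty body; no customer data goes into the response.
  // The job is what the app would queue to fulfil the request later.
  const job = {
    topic,
    shopDomain: payload.shop_domain,
    customerId: payload.customer ? payload.customer.id : null,
    ordersRequested: payload.orders_requested || [],
    dataRequestId: payload.data_request ? payload.data_request.id : null,
  };
  return { status: 200, body: '', job };
}

// Constructed sample: the payload from the question, signed with a made-up secret.
function demo() {
  const secret = 'constructed-test-secret';
  const rawBody = Buffer.from(JSON.stringify({
    shop_id: 954889, shop_domain: '{shop}.myshopify.com',
    orders_requested: [299938, 280263, 220458],
    customer: { id: 191167, email: 'john@example.com', phone: '555-625-1199' },
    data_request: { id: 9999 },
  }));
  const hmac = crypto.createHmac('sha256', secret).update(rawBody).digest('base64');
  const headers = { 'x-shopify-topic': 'customers/data_request', 'x-shopify-hmac-sha256': hmac };
  return handleComplianceWebhook({ headers, rawBody }, secret);
}
```

The signature must be computed over the raw bytes, so the route has to receive the body before any JSON body parser rewrites it.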