Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Re: How to verify webhook token by C#

How to verify webhook token by C#

bl-shopify_Admi
Shopify Partner
4 0 0

Hi there,

I am following this link https://help.shopify.com/en/api/getting-started/webhooks#verify-webhook 

But cannot find the C# demo. Nevertheless the PHP demo can reflect the logic. Just the parameter $data is not very clear. Is it the request header or the body?

function verify_webhook($data, $hmac_header)
{
  $calculated_hmac = base64_encode(hash_hmac('sha256', $data, SHOPIFY_APP_SECRET, true));
  return hash_equals($hmac_header, $calculated_hmac);
}

 

Replies 3 (3)

Zameer
Shopify Staff
297 31 90

Hey!

Data is the request body. The following code snippet, also found in the tutorial you linked, shows how data is set in Ruby.

# Respond to HTTP POST requests sent to this web service
post '/' do
  request.body.rewind
  data = request.body.read
  verified = verify_webhook(data, env["HTTP_X_SHOPIFY_HMAC_SHA256"])

  # Output 'true' or 'false'
  puts "Webhook verified: #{verified}"
end

You should use the same concept to get the body of the request in C#!

To learn more visit the Shopify Help Center or the Community Blog.

bl-shopify_Admi
Shopify Partner
4 0 0

Hi mate,

Thank you for your response. 

I have understood that the content is the request Body and, my C# code about encrypt and encode works as well eventually. 

Thanks again.

ClementG
Shopify Partner
660 0 130

You might want to use the great ShopifySharp library.

https://github.com/nozzlegear/ShopifySharp