Have your say in Community Polls: What was/is your greatest motivation to start your own business?
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

How to verify webhook token by C#

How to verify webhook token by C#

bl-shopify_Admi
Shopify Partner
4 0 0

Hi there,

I am following this link https://help.shopify.com/en/api/getting-started/webhooks#verify-webhook 

But cannot find the C# demo. Nevertheless the PHP demo can reflect the logic. Just the parameter $data is not very clear. Is it the request header or the body?

function verify_webhook($data, $hmac_header)
{
  $calculated_hmac = base64_encode(hash_hmac('sha256', $data, SHOPIFY_APP_SECRET, true));
  return hash_equals($hmac_header, $calculated_hmac);
}

 

Replies 3 (3)

Zameer
Shopify Staff
297 31 90

Hey!

Data is the request body. The following code snippet, also found in the tutorial you linked, shows how data is set in Ruby.

# Respond to HTTP POST requests sent to this web service
post '/' do
  request.body.rewind
  data = request.body.read
  verified = verify_webhook(data, env["HTTP_X_SHOPIFY_HMAC_SHA256"])

  # Output 'true' or 'false'
  puts "Webhook verified: #{verified}"
end

You should use the same concept to get the body of the request in C#!

To learn more visit the Shopify Help Center or the Community Blog.

bl-shopify_Admi
Shopify Partner
4 0 0

Hi mate,

Thank you for your response. 

I have understood that the content is the request Body and, my C# code about encrypt and encode works as well eventually. 

Thanks again.

ClementG
Shopify Partner
660 0 130

You might want to use the great ShopifySharp library.

https://github.com/nozzlegear/ShopifySharp