How to verify webhook token by C#

Shopify Partner
4 0 0

Hi there,

I am following this link 

But cannot find the C# demo. Nevertheless the PHP demo can reflect the logic. Just the parameter $data is not very clear. Is it the request header or the body?

function verify_webhook($data, $hmac_header)
  $calculated_hmac = base64_encode(hash_hmac('sha256', $data, SHOPIFY_APP_SECRET, true));
  return hash_equals($hmac_header, $calculated_hmac);


Replies 3 (3)

Shopify Staff
297 31 90


Data is the request body. The following code snippet, also found in the tutorial you linked, shows how data is set in Ruby.

# Respond to HTTP POST requests sent to this web service
post '/' do
  data =
  verified = verify_webhook(data, env["HTTP_X_SHOPIFY_HMAC_SHA256"])

  # Output 'true' or 'false'
  puts "Webhook verified: #{verified}"

You should use the same concept to get the body of the request in C#!

To learn more visit the Shopify Help Center or the Community Blog.

Shopify Partner
4 0 0

Hi mate,

Thank you for your response. 

I have understood that the content is the request Body and, my C# code about encrypt and encode works as well eventually. 

Thanks again.

Shopify Partner
660 0 130

You might want to use the great ShopifySharp library.