Hello,
I am trying to understand how the mandatory webhooks work.
As far as I understand, looking at the customers/data_request:
Shopify will send a POST request to: {myapp}.api/customers/data_request
And the content of the request will be:
To which my app should respond with a status code of 200. Inside the app I don't have to do anything.
Where I'm stuck is, I suppose I should return some data as well? But I'm not sure what data should be returned. What is the content supposed to look like?
Looking at the customer/redact endpoint, it's pretty clear.
The content of the POST request has customer information in it that I am supposed to delete from my app.
If looking at the shop/redact endpoint, Shopify will send another POST request with data, and inside my app I am supposed to delete the data corresponding to that shop?
If I'm right, the last 2 endpoints are clear but the first one I'm still not sure about.
Will appreciate any help!
This is an accepted solution.
The GDPR webhooks don't require any response body. They may require you to do something outside your application. For example, if you get a request to redact customer data you respond with an HTTP 200 as an indication that you've done so. It's on you to actually go and redact the customer data.
Likewise, if there's a customer data request you will provide the customer data to the customer themselves. This might mean manually searching your database and then emailing the customer if you have no automation implemented. The webhook just gets an HTTP 200 response.
hey mate!
just do the below
I am using Bubble.io. No way to code in there. I can manage to respond but I am just wondering what I am supposed to send back.
Ah ok, I am no help as I have no idea how Bubble.io works. You just need some way to return a successful response.
We are rejected because our app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response code when rejecting a request that has an invalid digest. How to understand?
@chendongyang wrote: We are rejected because our app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response code when rejecting a request that has an invalid digest. How to understand?
The docs cover it e.g. here: https://shopify.dev/apps/webhooks/configuration/https#step-5-verify-the-webhook