Mandatory webhooks GDPR

genaaiv
New Member

Hello,

I am trying to understand how the mandatory webhooks work.

As far as I understand, looking at the customers/data_request:

Shopify will send a POST request to: {myapp}.api/customers/data_request

And the content of the request will be:

[Image: genaaiv_0-1657973681626.png]

To which my app should respond with a status code of 200. Inside the app I don't have to do anything.

Where I'm stuck is, I suppose I should return some data as well? But I'm not sure what data should be returned. What is the content supposed to look like?

Looking at the customer/redact endpoint, it's pretty clear.

The content of the POST request has customer information in it that I am supposed to delete from my app.

If looking at the shop/redact endpoint, Shopify will send another POST request with data, and inside my app I am supposed to delete the data corresponding to that shop?

If I'm right, the last 2 endpoints are clear but the first one I'm still not sure about.

Will appreciate any help!

Accepted Solution (1)

few_meaning
Shopify Partner

This is an accepted solution.

The GDPR webhooks don't require any response body. They may require you to do something outside your application. For example, if you get a request to redact customer data you respond with an HTTP 200 as an indication that you've done so. It's on you to actually go and redact the customer data.

Likewise, if there's a customer data request you will provide the customer data to the customer themselves. This might mean manually searching your database and then emailing the customer if you have no automation implemented. The webhook just gets an HTTP 200 response.

Replies 6 (6)

codewithpaul
Shopify Partner

Hey mate!

Just do the below:

```
res.status(200).send();
```

Don't need to send any data.

If I helped then please Like and Accept the Solution
Contact me at contact@codewithpaul.com
For Shopify Design Changes | Shopify App Development | Custom Modifications Into Shopify Theme

genaaiv
New Member

I am using Bubble.io. No way to code in there. I can manage to respond, but I am just wondering what I am supposed to send back.

codewithpaul
Shopify Partner

Ah OK, I am no help as I have no idea how Bubble.io works. You just need some way to return a successful response.

chendongyang
Shopify Partner

We are rejected, because our app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response code when rejecting a request that has an invalid digest. How to understand?

few_meaning
Shopify Partner

@chendongyang wrote:

We are rejected, because our app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response code when rejecting a request that has an invalid digest. How to understand?

The docs cover it, e.g. here: https://shopify.dev/apps/webhooks/configuration/https#step-5-verify-the-webhook
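
The check named in the rejection message above (validate the HMAC digest, answer 401 on a bad one, otherwise 200 with no body), as an added example that is not code from any poster in this thread or from Shopify's docs. It assumes the digest arrives base64-encoded in the `X-Shopify-Hmac-SHA256` header and is an HMAC-SHA256 of the raw request body keyed with the app's client secret; the secret, the payload and the function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed values for illustration; a real app loads its client secret from config.
const CLIENT_SECRET = 'constructed-example-secret';
const SAMPLE_BODY = Buffer.from('{"shop_domain":"example.myshopify.com"}'); // constructed payload

// Base64 HMAC-SHA256 over the exact bytes received (assumed header encoding).
function computeDigest(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('base64');
}

function isValidDigest(rawBody, headerValue, secret) {
  if (typeof headerValue !== 'string' || headerValue === '') return false;
  const expected = Buffer.from(computeDigest(rawBody, secret), 'base64');
  const received = Buffer.from(headerValue, 'base64');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Hypothetical framework-neutral handler: returns the HTTP status to send (no body).
// rawBody must be the unparsed request bytes; re-serialised JSON will not match.
// In Express, capture them with express.raw() before any JSON parsing.
// headers uses lower-case keys, as Node's req.headers does.
function handleMandatoryWebhook(topic, rawBody, headers, secret, enqueue) {
  if (!isValidDigest(rawBody, headers['x-shopify-hmac-sha256'], secret)) {
    return 401; // reject before parsing or acting on the payload
  }
  let payload;
  try {
    payload = JSON.parse(rawBody.toString('utf8'));
  } catch (err) {
    return 400;
  }
  // Acknowledge now; the data request or redaction itself is done by the queued job.
  enqueue({ topic, payload });
  return 200;
}
```

The digest is checked before the body is parsed, so an unauthenticated request never reaches the code that looks up or deletes customer data.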