Question about mandatory GDPR webhooks for app review

Question about mandatory GDPR webhooks for app review

triplesingle
Shopify Partner
18 0 1

With respect to the mandatory GDPR webhooks in this link (https://shopify.dev/docs/apps/build/privacy-law-compliance)

Is my understanding correct that my endpoint just needs to return a status code 200 and that I don't need any actual logic besides giving a 401 if the HMAC is wrong?

Replies 2 (2)

Brett_Helium
Shopify Partner
238 45 102

Hey @triplesingle,

 

Besides responding to the webhook with a 200 or 401, you will also need to make sure to need to actually complete the request by providing or redacting the indicated data within 30 days (https://shopify.dev/docs/apps/build/privacy-law-compliance#respond-to-compliance-webhooks)

Brett | Helium
Helium builds apps that thousands of merchants depend on:
- Customer Fields ✪✪✪✪✪ (350+ reviews)
- Meteor Mega Menu ✪✪✪✪✪ (280+ reviews)
triplesingle
Shopify Partner
18 0 1

Hi Brett, thanks for the advice!

My app does not collect any store or user data so I think I should be good with just providing the status code?