Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
I created a Shopify app by Shopify ruby template with this command
npm init @Shopify/app@latest -- --template=ruby
I followed instruction of this Doc https://github.com/Shopify/shopify-app-template-ruby
After setup when i run npm run dev to start server
i got these logs
15:16:32 │ web-frontend │
15:16:32 │ web-frontend │ > shopify-frontend-template-react@1.0.0 dev
15:16:32 │ web-frontend │ > vite
15:16:32 │ web-frontend │
15:16:32 │ web-frontend │
15:16:32 │ web-frontend │ VITE v4.5.0 ready in 332 ms
15:16:32 │ web-frontend │
15:16:32 │ web-frontend │ ➜ Local: http://localhost:40627/
15:16:32 │ webhooks │ Sending APP_UNINSTALLED webhook to app server
15:16:33 │ web-backend │ => Booting Puma
15:16:33 │ web-backend │ => Rails 7.0.8 application starting in development
15:16:33 │ web-backend │ => Run `bin/rails server --help` for more startup options
15:16:33 │ web-backend │ "Inside----------------------------------------- AppUniNstalled JOb"
15:16:33 │ web-backend │ Puma starting in single mode...
15:16:33 │ web-backend │ * Puma version: 5.6.7 (ruby 3.1.2-p20) ("Birdie's Version")
15:16:33 │ web-backend │ * Min threads: 5
15:16:33 │ web-backend │ * Max threads: 5
15:16:33 │ web-backend │ * Environment: development
15:16:33 │ web-backend │ * PID: 66023
15:16:33 │ web-backend │ * Listening on http://127.0.0.1:41021
15:16:33 │ web-backend │ * Listening on http://[::1]:41021
15:16:33 │ web-backend │ Use Ctrl-C to stop
15:16:35 │ web-backend │ Started POST "/api/webhooks" for 127.0.0.1 at 2023-12-01 15:16:35 +0530
15:16:35 │ web-backend │ ActiveRecord::SchemaMigration Pluck (0.1ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY
"schema_migrations"."version" ASC
15:16:35 │ web-backend │ "Insiede Application Controller"
15:16:35 │ web-backend │ Processing by HomeController#index as */*
15:16:35 │ web-backend │ Parameters: {"id"=>548380009, "name"=>"Super Toys", "email"=>"super@supertoys.com", "domain"=>nil,
"province"=>"Tennessee", "country"=>"US", "address1"=>"190 MacLaren Street", "zip"=>"37178", "city"=>"Houston", "source"=>nil,
"phone"=>"3213213210", "latitude"=>nil, "longitude"=>nil, "primary_locale"=>"en", "address2"=>nil, "created_at"=>nil, "updated_at"=>nil,
"country_code"=>"US", "country_name"=>"United States", "currency"=>"USD", "customer_email"=>"super@supertoys.com", "timezone"=>"(GMT-05:00)
Eastern Time (US & Canada)", "iana_timezone"=>nil, "shop_owner"=>"John Smith", "money_format"=>"${{amount}}",
"money_with_currency_format"=>"${{amount}} USD", "weight_unit"=>"kg", "province_code"=>"TN", "taxes_included"=>nil,
"auto_configure_tax_inclusivity"=>nil, "tax_shipping"=>nil, "county_taxes"=>nil, "plan_display_name"=>"Shopify Plus", "plan_name"=>"enterprise",
"has_discounts"=>false, "has_gift_cards"=>true, "myshopify_domain"=>nil, "google_apps_domain"=>nil, "google_apps_login_enabled"=>nil,
"money_in_emails_format"=>"${{amount}}", "money_with_currency_in_emails_format"=>"${{amount}} USD", "eligible_for_payments"=>true,
"requires_extra_payments_agreement"=>false, "password_enabled"=>"[FILTERED]", "has_storefront"=>true, "finances"=>true,
"primary_location_id"=>655441491, "checkout_api_supported"=>true, "multi_location_enabled"=>true, "setup_required"=>false,
"pre_launch_enabled"=>false, "enabled_presentment_currencies"=>["USD"], "transactional_sms_disabled"=>false,
"marketing_sms_consent_enabled_at_checkout"=>false, "path"=>"api/webhooks", "home"=>{"id"=>548380009, "name"=>"Super Toys",
"email"=>"super@supertoys.com", "domain"=>nil, "province"=>"Tennessee", "country"=>"US", "address1"=>"190 MacLaren Street", "zip"=>"37178",
"city"=>"Houston", "source"=>nil, "phone"=>"3213213210", "latitude"=>nil, "longitude"=>nil, "primary_locale"=>"en", "address2"=>nil,
"created_at"=>nil, "updated_at"=>nil, "country_code"=>"US", "country_name"=>"United States", "currency"=>"USD",
"customer_email"=>"super@supertoys.com", "timezone"=>"(GMT-05:00) Eastern Time (US & Canada)", "iana_timezone"=>nil, "shop_owner"=>"John Smith",
"money_format"=>"${{amount}}", "money_with_currency_format"=>"${{amount}} USD", "weight_unit"=>"kg", "province_code"=>"TN",
"taxes_included"=>nil, "auto_configure_tax_inclusivity"=>nil, "tax_shipping"=>nil, "county_taxes"=>nil, "plan_display_name"=>"Shopify Plus",
"plan_name"=>"enterprise", "has_discounts"=>false, "has_gift_cards"=>true, "myshopify_domain"=>nil, "google_apps_domain"=>nil,
"google_apps_login_enabled"=>nil, "money_in_emails_format"=>"${{amount}}", "money_with_currency_in_emails_format"=>"${{amount}} USD",
"eligible_for_payments"=>true, "requires_extra_payments_agreement"=>false, "password_enabled"=>"[FILTERED]", "has_storefront"=>true,
"finances"=>true, "primary_location_id"=>655441491, "checkout_api_supported"=>true, "multi_location_enabled"=>true, "setup_required"=>false,
"pre_launch_enabled"=>false, "enabled_presentment_currencies"=>["USD"], "transactional_sms_disabled"=>false,
"marketing_sms_consent_enabled_at_checkout"=>false}}
15:16:35 │ web-backend │ Can't verify CSRF token authenticity.
15:16:35 │ web-backend │ Completed 422 Unprocessable Entity in 0ms (ActiveRecord: 0.0ms | Allocations: 585)
15:16:35 │ web-backend │
15:16:35 │ web-backend │
15:16:35 │ web-backend │
15:16:35 │ web-backend │ ActionController::InvalidAuthenticityToken (Can't verify CSRF token authenticity.):
15:16:35 │ web-backend │
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/request_forgery_protection.rb:253:in `handle_unverified_request'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/request_forgery_protection.rb:286:in `handle_unverified_request'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/request_forgery_protection.rb:275:in `verify_authenticity_token'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/callbacks.rb:400:in `block in make_lambda'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/callbacks.rb:199:in `block (2 levels) in halting'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/callbacks.rb:200:in `block in halting'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/callbacks.rb:595:in `block in invoke_before'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/callbacks.rb:595:in `each'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/callbacks.rb:595:in `invoke_before'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/callbacks.rb:116:in `block in run_callbacks'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/callbacks.rb:138:in `run_callbacks'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/abstract_controller/callbacks.rb:233:in `process_action'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/rescue.rb:23:in `process_action'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/instrumentation.rb:67:in `block in process_action'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/notifications.rb:206:in `block in instrument'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/notifications/instrumenter.rb:24:in `instrument'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/notifications.rb:206:in `instrument'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/instrumentation.rb:66:in `process_action'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/params_wrapper.rb:259:in `process_action'
15:16:35 │ web-backend │ activerecord (7.0.8) lib/active_record/railties/controller_runtime.rb:27:in `process_action'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/abstract_controller/base.rb:151:in `process'
15:16:35 │ web-backend │ actionview (7.0.8) lib/action_view/rendering.rb:39:in `process'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal.rb:188:in `dispatch'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal.rb:251:in `dispatch'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/routing/route_set.rb:49:in `dispatch'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/routing/route_set.rb:32:in `serve'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/journey/router.rb:50:in `block in serve'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/journey/router.rb:32:in `each'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/journey/router.rb:32:in `serve'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/routing/route_set.rb:852:in `call'
15:16:35 │ web-backend │ rack (2.2.8) lib/rack/tempfile_reaper.rb:15:in `call'
15:16:35 │ web-backend │ rack (2.2.8) lib/rack/etag.rb:27:in `call'
15:16:35 │ web-backend │ rack (2.2.8) lib/rack/conditional_get.rb:40:in `call'
15:16:35 │ web-backend │ rack (2.2.8) lib/rack/head.rb:12:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/http/permissions_policy.rb:38:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/http/content_security_policy.rb:36:in `call'
15:16:35 │ web-backend │ rack (2.2.8) lib/rack/session/abstract/id.rb:266:in `context'
15:16:35 │ web-backend │ rack (2.2.8) lib/rack/session/abstract/id.rb:260:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/cookies.rb:704:in `call'
15:16:35 │ web-backend │ activerecord (7.0.8) lib/active_record/migration.rb:638:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/callbacks.rb:99:in `run_callbacks'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/executor.rb:14:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/actionable_exceptions.rb:17:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/debug_exceptions.rb:28:in `call'
15:16:35 │ web-backend │ web-console (4.2.1) lib/web_console/middleware.rb:132:in `call_app'
15:16:35 │ web-backend │ web-console (4.2.1) lib/web_console/middleware.rb:28:in `block in call'
15:16:35 │ web-backend │ web-console (4.2.1) lib/web_console/middleware.rb:17:in `catch'
15:16:35 │ web-backend │ web-console (4.2.1) lib/web_console/middleware.rb:17:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/show_exceptions.rb:29:in `call'
15:16:35 │ web-backend │ railties (7.0.8) lib/rails/rack/logger.rb:40:in `call_app'
15:16:35 │ web-backend │ railties (7.0.8) lib/rails/rack/logger.rb:25:in `block in call'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/tagged_logging.rb:99:in `block in tagged'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/tagged_logging.rb:37:in `tagged'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/tagged_logging.rb:99:in `tagged'
15:16:35 │ web-backend │ railties (7.0.8) lib/rails/rack/logger.rb:25:in `call'
15:16:35 │ web-backend │ sprockets-rails (3.4.2) lib/sprockets/rails/quiet_assets.rb:13:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/remote_ip.rb:93:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/request_id.rb:26:in `call'
15:16:35 │ web-backend │ rack (2.2.8) lib/rack/method_override.rb:24:in `call'
15:16:35 │ web-backend │ shopify_app (21.7.0) lib/shopify_app/middleware/jwt_middleware.rb:24:in `call_next'
15:16:35 │ web-backend │ shopify_app (21.7.0) lib/shopify_app/middleware/jwt_middleware.rb:12:in `call'
15:16:35 │ web-backend │ rack (2.2.8) lib/rack/runtime.rb:22:in `call'
15:16:35 │ web-backend │ activesupport (7.0.8) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/server_timing.rb:61:in `block in call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/server_timing.rb:26:in `collect_events'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/server_timing.rb:60:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/executor.rb:14:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/static.rb:23:in `call'
15:16:35 │ web-backend │ rack (2.2.8) lib/rack/sendfile.rb:110:in `call'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_dispatch/middleware/host_authorization.rb:138:in `call'
15:16:35 │ web-backend │ railties (7.0.8) lib/rails/engine.rb:530:in `call'
15:16:35 │ web-backend │ puma (5.6.7) lib/puma/configuration.rb:252:in `call'
15:16:35 │ web-backend │ puma (5.6.7) lib/puma/request.rb:77:in `block in handle_request'
15:16:35 │ web-backend │ puma (5.6.7) lib/puma/thread_pool.rb:340:in `with_force_shutdown'
15:16:35 │ web-backend │ puma (5.6.7) lib/puma/request.rb:76:in `handle_request'
15:16:35 │ web-backend │ puma (5.6.7) lib/puma/server.rb:443:in `process_client'
15:16:35 │ web-backend │ puma (5.6.7) lib/puma/thread_pool.rb:147:in `block in spawn_thread'
15:16:36 │ webhooks │ APP_UNINSTALLED webhook delivery failed
The Error is
15:16:35 │ web-backend │ Can't verify CSRF token authenticity.
15:16:35 │ web-backend │ Completed 422 Unprocessable Entity in 0ms (ActiveRecord: 0.0ms | Allocations: 585)
15:16:35 │ web-backend │
15:16:35 │ web-backend │
15:16:35 │ web-backend │
15:16:35 │ web-backend │ ActionController::InvalidAuthenticityToken (Can't verify CSRF token authenticity.):
15:16:35 │ web-backend │
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/request_forgery_protection.rb:253:in `handle_unverified_request'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/request_forgery_protection.rb:286:in `handle_unverified_request'
15:16:35 │ web-backend │ actionpack (7.0.8) lib/action_controller/metal/request_forgery_protection.rb:275:in `verify_authenticity_token'
when i changed my ApplicationController
# web/app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
# it skips csrf token validation
skip_forgery_protection
end
Application run fine and web hook delivered successfully
But this approach is not a standard way to deal with this issue
Does Anyone have any standard solution for it
Thanks
Hey @Dumydev
Thanks for flagging this - can you please file here: https://github.com/Shopify/shopify-app-template-ruby/issues
Scott | Developer Advocate @ Shopify
Hi @SBD_
Thanks For Reply
I raise a Issue on github as well
https://github.com/Shopify/shopify-app-template-ruby/issues/115
Please Resolve this solution ASAP
Thanks & Regards