Have your say in Community Polls: What was/is your greatest motivation to start your own business?
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Shopify Webhook Validation. Digest is not equal to header?

Shopify Webhook Validation. Digest is not equal to header?

kirmftng
Visitor
3 0 1

Hey all, for some reason that I don't understand my HMAC digest seems to be the same length and looks quite like what gets sent in the X-Shopify-Hmac-256 header however they don't exactly match. I'm grabbing my secret from the bottom of the admin notification settings page.

 

const verifyHook = async (req) => {
    const hash = await crypto.createHmac('sha256', "secret").update(JSON.stringify(req.body), 'utf8', 'hex').digest('base64');
    const pHeaders = await JSON.stringify(req.headers);
    const oHeaders = await JSON.parse(pHeaders);
    console.log(oHeaders['x-shopify-hmac-sha256'])
    console.log(hash)
    return hash === oHeaders['x-shopify-hmac-sha256'];
}

Here's my code, any help is appreciated.

Reply 1 (1)

Visely-Team
Shopify Partner
1843 210 488

Can you avoid calling stringify on request body and pass a raw value as read from the response stream?

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog