Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
Hey all, for some reason that I don't understand my HMAC digest seems to be the same length and looks quite like what gets sent in the X-Shopify-Hmac-256 header however they don't exactly match. I'm grabbing my secret from the bottom of the admin notification settings page.
const verifyHook = async (req) => { const hash = await crypto.createHmac('sha256', "secret").update(JSON.stringify(req.body), 'utf8', 'hex').digest('base64'); const pHeaders = await JSON.stringify(req.headers); const oHeaders = await JSON.parse(pHeaders); console.log(oHeaders['x-shopify-hmac-sha256']) console.log(hash) return hash === oHeaders['x-shopify-hmac-sha256']; }
Here's my code, any help is appreciated.
Can you avoid calling stringify on request body and pass a raw value as read from the response stream?