I really don't know how to fix this, I've submitted my app in the past without any issues.
- App must verify the authenticity of the request from Shopify.
Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest.Learn more about verifying a webhook
- App must be served over HTTPS.
There was an error connecting to your app. Make sure itsApp URL and Allowed redirection URLwork correctly.
I can even see the Shopify test requests in my backend logs, and they all seem fine to me.
(1) Feb 09 10:36:16 - GET /shopify/token HTTP/1.1 401 43 - 0.982 ms
(2) Feb 09 10:09:35 - GET /shopify/install?hmac=XXXXbfd03f0e9970be6d907a69d24d19ca1fda1db092d6cd0a2e3ba92cb547b2&host=XXXXYnJpZGdldGVzdHNob3AubXlzaG9waWZ5LmNvbS9hZG1pbg&session=XXXXcb5baa6de89cb480de8b89c238d860c3c9eb96d0059d68c4580d4907d395&shop=cambridgetestshop.myshopify.com×tamp=XXXX401375 HTTP/1.1 302 950 - 0.727 ms
(3) Feb 09 10:09:36 - GET /shopify/token?code=XXXX45dba979629298c10f422397b834&hmac=XXXXcdb4881cbbdd12fd2b434dcb404bab493df57094ec90aea561ba4b67d17c&host=XXXXYnJpZGdldGVzdHNob3AubXlzaG9waWZ5LmNvbS9hZG1pbg&shop=cambridgetestshop.myshopify.com&state=XXXX8a99-5d44-41c1-b237-f464ffb1663f×tamp=XXXX401376 HTTP/1.1 302 364 - 634.158 ms
I've tried the same requests changing the hmac and it successfully return 401.
I can't see any requests being made for subscribed webhooks, but I tested them myself and they work just fine. What is going on?
I really don't know what else to do or who to talk with...
Myself also getting the following Requirements,
Requirements that must be met before initial screening
Please help me out how to fix this ..
Hi, if you're working in ruby on rails.
You can try including WebhookVerification module from shopify app gem by adding the following line to your webhooks controller:
This module has a before action which verifies the requests against the hmac header and returns 401 unauthorized in case request wasn't sent from shopify.