Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
I really don't know how to fix this, I've submitted my app in the past without any issues.
- App must verify the authenticity of the request from Shopify.
Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest.Learn more about verifying a webhook- App must be served over HTTPS.
There was an error connecting to your app. Make sure itsApp URL and Allowed redirection URLwork correctly.
I can even see the Shopify test requests in my backend logs, and they all seem fine to me.
(1) Feb 09 10:36:16 - GET /shopify/token HTTP/1.1 401 43 - 0.982 ms
(2) Feb 09 10:09:35 - GET /shopify/install?hmac=XXXXbfd03f0e9970be6d907a69d24d19ca1fda1db092d6cd0a2e3ba92cb547b2&host=XXXXYnJpZGdldGVzdHNob3AubXlzaG9waWZ5LmNvbS9hZG1pbg&session=XXXXcb5baa6de89cb480de8b89c238d860c3c9eb96d0059d68c4580d4907d395&shop=cambridgetestshop.myshopify.com×tamp=XXXX401375 HTTP/1.1 302 950 - 0.727 ms
(3) Feb 09 10:09:36 - GET /shopify/token?code=XXXX45dba979629298c10f422397b834&hmac=XXXXcdb4881cbbdd12fd2b434dcb404bab493df57094ec90aea561ba4b67d17c&host=XXXXYnJpZGdldGVzdHNob3AubXlzaG9waWZ5LmNvbS9hZG1pbg&shop=cambridgetestshop.myshopify.com&state=XXXX8a99-5d44-41c1-b237-f464ffb1663f×tamp=XXXX401376 HTTP/1.1 302 364 - 634.158 ms
I've tried the same requests changing the hmac and it successfully return 401.
I can't see any requests being made for subscribed webhooks, but I tested them myself and they work just fine. What is going on?
I really don't know what else to do or who to talk with...
Hi
@javioverflow I would recommend reaching out to partner support to find out what the issue is, and if needed we can provide additional support.
Regards,
To learn more visit the Shopify Help Center or the Community Blog.
Hi Csam!
Myself also getting the following Requirements,
Requirements that must be met before initial screening
Please help me out how to fix this ..
Hey @Sharan_oapps , Is you issue fixed, can you please let me know, I am facing same issue
Hi, if you're working in ruby on rails.
You can try including WebhookVerification module from shopify app gem by adding the following line to your webhooks controller:
include ShopifyApp::WebhookVerification
This module has a before action which verifies the requests against the hmac header and returns 401 unauthorized in case request wasn't sent from shopify.