Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Verification fails on webhooks .NET

Verification fails on webhooks .NET

StefanV
Visitor
3 0 0

I am internally developing a middleware for a company and, for that end, I have been given access to a sandbox environment store, so with that being said, I am not in the possession of my own shopify partner account.

Now, at the store admin panel (found at "https://admin.shopify.com/store/{store-id}") I go to:
Settings > Notifications > Webhooks
Here I register my endpoint as the recipient of the webhooks. I also have a custom app installed with a bunch of related scopes. I've tried the following keys for the digest:

  • The API-key
  • The Secret API-key
  • The Admin-Access token
  • The sample string at the bottom of the notification-settings page.

But neither appear to be generating a signature that matches the header?

They all cause my controller to return 401.

 

Here's the code for my verification process, in case I did something wrong there.

private bool VerifyAuthenticity(string payloadAsJson, string hmacHeader, string shopId)
{
    try
    {
        string validationKey = $"{_redactedKey} ";

        byte[] keyAsBytes = Encoding.UTF8.GetBytes(validationKey);
        byte[] payloadAsBytes = Encoding.UTF8.GetBytes(payloadAsJson);

        using (HMACSHA256 hmac = new HMACSHA256(keyAsBytes))
        {
            byte[] digest = hmac.ComputeHash(payloadAsBytes);
            string signature = Convert.ToBase64String(digest);

            return String.Equals(signature, hmacHeader, StringComparison.Ordinal);
        }
    }
    catch
    {
        return false;
    }
}

Although, I do believe I've analyzed the Python-script available at the documentation properly.

The webhooks are registered at the admin-panel and not subscribed to with an HttpRequest.

Replies 0 (0)