Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
I am internally developing a middleware for a company and, for that end, I have been given access to a sandbox environment store, so with that being said, I am not in the possession of my own shopify partner account.
Now, at the store admin panel (found at "https://admin.shopify.com/store/{store-id}") I go to:
Settings > Notifications > Webhooks
Here I register my endpoint as the recipient of the webhooks. I also have a custom app installed with a bunch of related scopes. I've tried the following keys for the digest:
But neither appear to be generating a signature that matches the header?
They all cause my controller to return 401.
Here's the code for my verification process, in case I did something wrong there.
private bool VerifyAuthenticity(string payloadAsJson, string hmacHeader, string shopId) { try { string validationKey = $"{_redactedKey} "; byte[] keyAsBytes = Encoding.UTF8.GetBytes(validationKey); byte[] payloadAsBytes = Encoding.UTF8.GetBytes(payloadAsJson); using (HMACSHA256 hmac = new HMACSHA256(keyAsBytes)) { byte[] digest = hmac.ComputeHash(payloadAsBytes); string signature = Convert.ToBase64String(digest); return String.Equals(signature, hmacHeader, StringComparison.Ordinal); } } catch { return false; } }
Although, I do believe I've analyzed the Python-script available at the documentation properly.
The webhooks are registered at the admin-panel and not subscribed to with an HttpRequest.