Webhook hmac validation failing in @shopify/shopify-api

Shopify Partner
6 0 2



we are seeing a small fraction of 403's errors in our app when our webhook calls are processed. The error message is always: "Could not validate request for topic orders/fulfilled."
Looking at the (Shopify) code that returns this error, it can be seen that this is due to hmac validation failing: https://github.com/Shopify/shopify-node-api/blob/e451ab91e7e64ae191c63ff953eb3f0e88431d2a/src/webhoo...
However, the hmac header value originates from Shopify when calling our webhook - this validation should never fail. So either the calling side or the validation side is not 100% bulletproof - in other words for certain orders, the code is not working correctly.
The majority of orders are processing just fine. I am able to provide timestamps and all header values for when this error happened. Any Shopify dev should be able to dig into this using logs on their end.
Replies 3 (3)
Shopify Staff
Shopify Staff
63 10 15

Hi Reikje, I can take a look, could you please DM me the header values, subscription IDs or Webhook IDs for the webhooks failing validation 

mrad | Developer @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

2 0 0

Was this resolved?
I'm facing the same issue.

Shopify Partner
6 0 2

No, it wasn't. I reached out to @mrad on the 28th of July via direct message but didn't get a response. We are still hitting this problem today occasionally.