Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Webhook hmac validation failing in @shopify/shopify-api

Webhook hmac validation failing in @shopify/shopify-api

reikje
Shopify Partner
6 0 2

Hello,

 

we are seeing a small fraction of 403's errors in our app when our webhook calls are processed. The error message is always: "Could not validate request for topic orders/fulfilled."
 
Looking at the (Shopify) code that returns this error, it can be seen that this is due to hmac validation failing: https://github.com/Shopify/shopify-node-api/blob/e451ab91e7e64ae191c63ff953eb3f0e88431d2a/src/webhoo...
 
However, the hmac header value originates from Shopify when calling our webhook - this validation should never fail. So either the calling side or the validation side is not 100% bulletproof - in other words for certain orders, the code is not working correctly.
 
The majority of orders are processing just fine. I am able to provide timestamps and all header values for when this error happened. Any Shopify dev should be able to dig into this using logs on their end.
 
Best,
Reik
Replies 3 (3)

mrad
Shopify Staff (Retired)
63 10 15

Hi Reikje, I can take a look, could you please DM me the header values, subscription IDs or Webhook IDs for the webhooks failing validation 

mrad | Developer @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

octalweb
Visitor
2 0 0

Was this resolved?
I'm facing the same issue.

reikje
Shopify Partner
6 0 2

No, it wasn't. I reached out to @mrad on the 28th of July via direct message but didn't get a response. We are still hitting this problem today occasionally.