Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
Hi All
Apologies if this has been asked before (I searched before posting and couldn't find the answer). Is it possible to have Shopify POST a webhook event to an authenticated endpoint, or do they all need to be to an address with no authentication? I run my server with basic auth as a minimum, but I can't seem to find where to configure the credentials in Shopify for it to use when posting the event to my authenticated receiving endpoint.
Kind thanks in advance,
Sam
Solved! Go to the solution
This is an accepted solution.
Not sure if accepting your own solution works on this, but I found that creating the Webhook through the API worked, but using the Admin console did not. Not exactly sure why, but hey, events are now flowing from Shopify through the secure callback API :-).
UPDATE: I've just tried the following convention from Postman to my callback endpoint and got a message through:
https://<username>:<password>@mydomain.com/myendpoint/
However, configuring the Webhook in the Shopify Admin console using that convention with my credentials and clicking "Send Notification" (to test it out) doesn't result in anything posting to my service.
Any ideas? Perhaps I'm missing something basic (and crucial).
This is an accepted solution.
Not sure if accepting your own solution works on this, but I found that creating the Webhook through the API worked, but using the Admin console did not. Not exactly sure why, but hey, events are now flowing from Shopify through the secure callback API :-).
This was my same experience which is really strange but im glad this worked.
For anyone else wondering about this here is the api reference
- https://shopify.dev/docs/admin-api/rest/reference/events/webhook?api[version]=2020-07#create-2020-07
Also thanks @akto-sam for pointing in the right direction.
The older documentation is no longer available and newer versions, there is no mention of any auth mechamism. Question is still relevant as of today: Where to store auth credentials for sending a request to an authenticated external endpoint through webhook address callback.