Solved

Webhook POSTing to authenticated URL

akto-sam
Shopify Partner
4 1 3

Hi All

 

Apologies if this has been asked before (I searched before posting and couldn't find the answer). Is it possible to have Shopify POST a webhook event to an authenticated endpoint, or do they all need to be to an address with no authentication? I run my server with basic auth as a minimum, but I can't seem to find where to configure the credentials in Shopify for it to use when posting the event to my authenticated receiving endpoint.

 

Kind thanks in advance,

 

Sam

 

Accepted Solution (1)
akto-sam
Shopify Partner
4 1 3

This is an accepted solution.

Not sure if accepting your own solution works on this, but I found that creating the Webhook through the API worked, but using the Admin console did not. Not exactly sure why, but hey, events are now flowing from Shopify through the secure callback API :-).

View solution in original post

Replies 4 (4)

akto-sam
Shopify Partner
4 1 3

UPDATE: I've just tried the following convention from Postman to my callback endpoint and got a message through:

 

https://<username>:<password>@mydomain.com/myendpoint/

 

However, configuring the Webhook in the Shopify Admin console using that convention with my credentials and clicking "Send Notification" (to test it out) doesn't result in anything posting to my service.

 

Any ideas? Perhaps I'm missing something basic (and crucial).

akto-sam
Shopify Partner
4 1 3

This is an accepted solution.

Not sure if accepting your own solution works on this, but I found that creating the Webhook through the API worked, but using the Admin console did not. Not exactly sure why, but hey, events are now flowing from Shopify through the secure callback API :-).

lucyegan
Visitor
1 0 0

This was my same experience which is really strange but im glad this worked.

For anyone else wondering about this here is the api reference
https://shopify.dev/docs/admin-api/rest/reference/events/webhook?api[version]=2020-07#create-2020-07

 

Also thanks @akto-sam for pointing in the right direction.

NileshS
Shopify Partner
6 0 0

The older documentation is no longer available and newer versions, there is no mention of any auth mechamism. Question is still relevant as of today: Where to store auth credentials for sending a request to an authenticated external endpoint through webhook address callback.