FROM CACHE - en_header
Promotion image
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Webhook Validation

Webhook Validation

Garden_Variety
Shopify Partner
2 0 1
‎12-26-2018 08:12 PM

Hi – I create a new webhook (order payment event) via the API. Do I use my Shopify “shared_secret” to validate the “X-Shopify-Hmac-SHA256” token passed in the header of the request? I am using .Net to validate the token – does anyone have sample .Net validation sample code?

2,933 Views
1 Like
Report
Replies 2 (2)

Alex
Shopify Staff
1561 81 343
‎01-14-2019 07:23 PM

I don't have a .Net code snippet to share, but the algorithm can be seen in Ruby and PHP here: https://help.shopify.com/en/api/getting-started/webhooks#verify-webhook

You are correct in that you use the shared_secret as set in your partner dashboard to validate the HMAC. In the example, `data` is the stringified JSON, and the actual values being compared are the Base64 representations of the HMAC, so make sure you encode your HMAC as Base64 before comparing.

Cheers.

Alex | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

2,933 Views
0 Likes
Report

developer_2020
Shopify Partner
60 0 8
‎07-14-2020 10:23 AM

Does anyone have the .NET code example?

2,022 Views
0 Likes
Report
Terms of Service Privacy Policy