How do verify webhooks created from the API? What is the secret used to hash the HTTP_X_SHOPIFY_HMAC_SHA256 address in case of webhook created through API? I tried verifying using the secret given in the Notification dashboard when we create a webhook but that didn't work for the webhooks registered from API's.
I don't have the secret with which the HTTP_X_SHOPIFY_HMAC_SHA256 is signed when i create webhooks from backend.
If you can help me how to get the secret, i will be able to verify it.
Assuming you are creating a public app, this should be your app's "API shared secret", which you should have received along with your public API key:
If creating a private app, you should receive an equivilant of the shared key. From the admin, go to:
Apps > Manage private apps > [Your app name]
You should see a field that says Shared Secret. If this doesn't work, try the Password.