Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Webhooks created from API's

Webhooks created from API's

Vijith_Menon
New Member
4 0 0

How do verify webhooks created from the API? What is the secret used to hash the HTTP_X_SHOPIFY_HMAC_SHA256 address in case of webhook created through API? I tried verifying using the secret given in the Notification dashboard when we create a webhook but that didn't work for the webhooks registered from API's.

Replies 5 (5)

Ryan
Shopify Staff
499 42 121

Try this doc: https://help.shopify.com/en/api/getting-started/webhooks#verify-webhook

Ryan | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

Vijith_Menon
New Member
4 0 0

Hi Ryan,

I don't have the secret with which the HTTP_X_SHOPIFY_HMAC_SHA256 is signed when i create webhooks from backend.

If you can help me how to get the secret, i will be able to verify it.

Vijith_Menon
New Member
4 0 0

Any update here?

Anthony28
Shopify Partner
6 0 4

Assuming you are creating a public app, this should be your app's "API shared secret", which you should have received along with your public API key:

https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token

If creating a private app, you should receive an equivilant of the shared key. From the admin, go to:

Apps > Manage private apps > [Your app name]

You should see a field that says Shared Secret. If this doesn't work, try the Password.

Vijith_Menon
New Member
4 0 0

Thanks for the response. The shared secret key worked.