Topics covering webhook creation & management, event handling, Pub/Sub, and Eventbridge, in Shopify apps.
How do verify webhooks created from the API? What is the secret used to hash the HTTP_X_SHOPIFY_HMAC_SHA256 address in case of webhook created through API? I tried verifying using the secret given in the Notification dashboard when we create a webhook but that didn't work for the webhooks registered from API's.
Try this doc: https://help.shopify.com/en/api/getting-started/webhooks#verify-webhook
Ryan | Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
Hi Ryan,
I don't have the secret with which the HTTP_X_SHOPIFY_HMAC_SHA256 is signed when i create webhooks from backend.
If you can help me how to get the secret, i will be able to verify it.
Any update here?
Assuming you are creating a public app, this should be your app's "API shared secret", which you should have received along with your public API key:
https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token
If creating a private app, you should receive an equivilant of the shared key. From the admin, go to:
Apps > Manage private apps > [Your app name]
You should see a field that says Shared Secret. If this doesn't work, try the Password.
Thanks for the response. The shared secret key worked.