Webhooks created from API's

Vijith_Menon
New Member
4 0 0

How do verify webhooks created from the API? What is the secret used to hash the HTTP_X_SHOPIFY_HMAC_SHA256 address in case of webhook created through API? I tried verifying using the secret given in the Notification dashboard when we create a webhook but that didn't work for the webhooks registered from API's.

Replies 5 (5)

Ryan
Shopify Staff
499 42 120

Try this doc: https://help.shopify.com/en/api/getting-started/webhooks#verify-webhook

Ryan | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

Vijith_Menon
New Member
4 0 0

Hi Ryan,

I don't have the secret with which the HTTP_X_SHOPIFY_HMAC_SHA256 is signed when i create webhooks from backend.

If you can help me how to get the secret, i will be able to verify it.

Vijith_Menon
New Member
4 0 0

Any update here?

Anthony28
Shopify Partner
6 0 4

Assuming you are creating a public app, this should be your app's "API shared secret", which you should have received along with your public API key:

https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token

If creating a private app, you should receive an equivilant of the shared key. From the admin, go to:

Apps > Manage private apps > [Your app name]

You should see a field that says Shared Secret. If this doesn't work, try the Password.

Vijith_Menon
New Member
4 0 0

Thanks for the response. The shared secret key worked.