App Rejected

Retired Boards Appdev Graphql Basics And Troubleshooting
1

I have submitted an app on the Shopify but its rejected,

rejection reason: "App must verify the authenticity of the request from Shopify."

Can you please help me which settings required for this point?

2

Hi

I think this is referring to webhooks though you may have some more context in your email that will help you figure out what the reviewers were referring to.

Webhooks
When you receive a webhook from Shopify, you need to verify that it actually was sent by Shopify.
You can read more about verify webhooks in this documentation.
https://shopify.dev/apps/webhooks/configuration/https

3

we got following message from shopify for app

========================================================================================

App must verify the authenticity of the request from Shopify.
Your app does not request installation on the shop immediately after clicking “add app”. Apps must ask a shop for access when being installed on a shop for the first time, as well as when they are being reinstalled after having been removed. During install or reinstall we expected OAuth to be initiated at https://cambridgetestshop.myshopify.com/admin/oauth/request_grant but was redirected to https://apokto.herokuapp.com/homes/connect_to_shopify?hmac=578bbad063c2c252d42b8629a54381c1364d9ce2b0d180ee6882a6cfa3d9296a&host=Y2FtYnJpZGdldGVzdHNob3AubXlzaG9waWZ5LmNvbS9hZG1pbg&shop=cambridgetestshop.myshopify.com&timestamp=1649919378.

For this, how set webhook?

Screenshot 2022-04-19 at 10.08.15 AM.png
Screenshot 2022-04-19 at 10.08.15 AM.png1019×290 28.1 KB

4

Thanks for the additional context!

From the other context you have provided it does not seem to be in regarding webhooks but rather initiating the OAuth flow during installation.

When a merchant clicks on Add App from the Shopify app store you must do a series of requests so that the merchant can review the scopes that your app is asking for and you can retrieve the access token.

To learn exactly what you need to do you can review the documentation here!
https://shopify.dev/apps/auth/oauth/getting-started

5

When we test app from Test app on development store

Screenshot 2022-04-20 at 11.06.06 AM.png
Screenshot 2022-04-20 at 11.06.06 AM.png1028×372 20.4 KB

then it redirect in our application (https://apokto.herokuapp.com/homes/connect_to_shopify) and then redirect shopify app asked for install app.(https://apokto-test.myshopify.com/admin/oauth/request_grant)

Screenshot 2022-04-20 at 11.12.00 AM.png
Screenshot 2022-04-20 at 11.12.00 AM.png762×799 51.1 KB

Is there any other settings required related that?

Screenshot 2022-04-20 at 11.14.11 AM.png
Screenshot 2022-04-20 at 11.14.11 AM.png1064×750 58.4 KB