Hi, I have the following issue:
App must verify the authenticity of the request from Shopify.> > Expected HTTP 401 (Unauthorized), but got HTTP 403 from https://******** Your app’s HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest. Learn more about verifying a webhookthe code i am using is:
var CryptoJS = require("crypto-js");
exports.handler = async (event) => {
const { webhook_verify_hash } = process.env;
//get the header with validation hash from webhook
const hmac = event.headers ?
event.headers['X-Shopify-Hmac-Sha256'] || event.headers['x-shopify-hmac-sha256']
: "";
var statusCode = 400;
let firma = CryptoJS.HmacSHA256(event.body, "shpss_*******");
let calculatedHmac = firma.toString(CryptoJS.enc.hex);
if (hmac == calculatedHmac) {
console.log("se va a obtener el token");
statusCode = 200
} else {
console.log("no obtiene el token");
statusCode = 400
}
const response = {
statusCode: statusCode
};
return response;
};
- How can I test the mandatory webhooks and verify the response that I receive?