HMAC failure Remix app

Shopify Apps

Topic summary

A developer encountered HMAC validation failures when running Shopify’s automated app check for their Remix-based application hosted on Render. The error occurred in their webhook handler.

Root Cause:
The webhook file was throwing errors for mandatory GDPR compliance webhooks (CUSTOMERS_DATA_REQUEST, CUSTOMERS_REDACT, SHOP_REDACT) instead of handling them properly.

Solution Found:
The developer resolved the issue by adding explicit break statements for each GDPR webhook case instead of letting them fall through to the default error handler:

  • CUSTOMERS_DATA_REQUEST
  • CUSTOMERS_REDACT
  • SHOP_REDACT

Additional Context:
For apps that collect user/order data, these endpoints should implement actual data retrieval and deletion logic with proper 200 responses. For apps without user data storage, simply returning a 200 status is sufficient.

Another community member reported the same issue during app publication, confirming this is a common validation requirement.

Summarized with AI on October 27. AI used: claude-sonnet-4-5-20250929.
1

Hi guys, i’ve created an app using remix and i’m hosting the app on render hosting company, everything works fine until i did a run for “Run an automated check for common errors” and i’m getting:

Ionuts1_0-1715870103153.png
Ionuts1_0-1715870103153.png1226×638 29.6 KB

And this is my webhook file:

import { authenticate } from "../shopify.server";
import db from "../db.server";

export const action = async ({ request }) => {
  const { topic, shop, session } = await authenticate.webhook(request);

  switch (topic) {
    case "APP_UNINSTALLED":
      if (session) {
        await db.session.deleteMany({ where: { shop } });
      }
      break;
    case "CUSTOMERS_DATA_REQUEST":
    case "CUSTOMERS_REDACT":
    case "SHOP_REDACT":
    default:
      throw new Response("Unhandled webhook topic", { status: 404 });
  }

  throw new Response();
};

Any tips for fixing this issue? Thanks

2

i’ve found the solution:

case "CUSTOMERS_DATA_REQUEST":
      break;
    case "CUSTOMERS_REDACT":
      break;
    case "SHOP_REDACT":
      break;
    default:
      throw new Response("Unhandled webhook topic", { status: 404 });
3

hello comuminity members i am also facing same issue while publishing the app

kindly suggets me solution

4

Hi, depends if your app is using data about users/orders you have to generate api to retrive data and if they request to delete from your db you have to send them a response 200.

If you app doesn’t record any data about users/orders then you can create endpoint to return 200.