Hmac verification on customers/redact

waynefurmidge · October 19, 2021, 3:07pm

Hi All,

Try to implement the GDPR webhook. Have a few questions about how the HMAC is generated etc.

Is the hmac generated from the whole response json? or the headers?

Assuming it is the JSON, is white space been sanitized, \r\n and trailing white space?

If I think of any thing else I will update more, thanks in advanced!

mikedasilva · October 20, 2021, 1:26pm

Hi,

The HMAC is generated based on the body of the webhook. You can refer to these docs for examples of how to verify.

Cheers,

Topic		Replies	Views
HTTP POST for redact-shop-data webhook failing HMAC validation? Shopify Apps	6	100	August 29, 2023
Seeking help: Compliance webhooks green, but “Use HMAC verification” check still flags red (Shopify App) Technical Q&A troubleshooting	0	29	September 12, 2025
I created one laravel app and set GDPR mendetory webhook. will these mandatory webhooks use the same Shopify Apps	0	6	February 9, 2022
Failing at webhook HMAC verification step. Shopify Apps shopify-apps	1	82	August 25, 2024
Failing HMAC Validation in Partner Network for Shopify Remix Template Technical Q&A troubleshooting , shopify-apps	0	75	September 25, 2025