How to Configure and Test GDPR Mandatory Webhooks

Topic summary

Configuration & Verification:
Developers must implement the GDPR mandatory webhooks (customers/data_request, customers/redact, shop/redact) as POST endpoints on their server. Each endpoint verifies the HMAC of the incoming request with the app's secret key and returns 401 for requests that fail verification.

Documentation Gap:
Official Shopify documentation lacks Node.js code examples for manual webhook verification. A GitHub issue (#256) provides a minimal working implementation.

Testing Challenges:

  • customers/data_request and customers/redact only trigger if the app requests customer/order data access. Can be tested by creating a test customer and requesting their data.
  • shop/redact fires 48 hours after app uninstallation, requiring a 2-day wait (extended to 10 days in some contexts based on later comments).
  • Shopify CLI’s webhook trigger tool doesn’t support mandatory webhooks, forcing developers to wait extended periods for end-to-end testing.

Open Questions:

  • How to check delivery logs and response status for triggered webhooks
  • Proper URL format for webhook endpoints
  • Whether legacy theme apps requiring only script tag access need all three webhooks

Status: Discussion remains open with no efficient testing solution for production environments.

Summarized with AI on November 2. AI used: claude-sonnet-4-5-20250929.
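A manual Node.js verification of the kind the summary describes, as an added example (not code from the thread or from the GitHub issue it mentions). It assumes Shopify's documented scheme: a base64 HMAC-SHA256 of the raw request body, keyed with the app's secret, sent in the X-Shopify-Hmac-SHA256 header. The function names, the 404 for unknown topics, and the sample secret and body are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// The three mandatory topics listed in the summary above.
const GDPR_TOPICS = new Set(['customers/data_request', 'customers/redact', 'shop/redact']);

// Base64 HMAC-SHA256 over the exact bytes received (never over re-serialized JSON).
function signBody(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('base64');
}

// True only if the header matches the HMAC we compute ourselves.
function verifyWebhookHmac(rawBody, hmacHeader, secret) {
  if (typeof hmacHeader !== 'string' || hmacHeader.length === 0) return false;
  const expected = Buffer.from(signBody(rawBody, secret), 'utf8');
  const received = Buffer.from(hmacHeader, 'utf8');
  // timingSafeEqual throws on unequal lengths, so reject those first.
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}

// 401 for a bad or missing HMAC, 200 for a verified mandatory topic.
// Returning 404 for any other topic is this example's choice.
function complianceWebhookStatus(rawBody, headers, secret) {
  if (!verifyWebhookHmac(rawBody, headers['x-shopify-hmac-sha256'], secret)) return 401;
  return GDPR_TOPICS.has(headers['x-shopify-topic']) ? 200 : 404;
}

// node:http handler that buffers the raw body before anything parses it.
function makeHandler(secret) {
  return (req, res) => {
    if (req.method !== 'POST') { res.writeHead(405).end(); return; }
    const chunks = [];
    req.on('data', (chunk) => chunks.push(chunk));
    req.on('end', () => {
      res.writeHead(complianceWebhookStatus(Buffer.concat(chunks), req.headers, secret)).end();
    });
  };
}
// To serve it (the environment variable name is hypothetical):
// require('node:http').createServer(makeHandler(process.env.APP_SECRET)).listen(3000);

// Constructed sample input, not a real Shopify payload or secret.
const SAMPLE_SECRET = 'constructed-test-secret';
const SAMPLE_BODY = Buffer.from('{"shop_id":1,"shop_domain":"example.myshopify.com"}');
```

Frameworks that parse JSON before the handler runs discard the original bytes, so the raw body has to be captured first or the computed HMAC will not match.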

https://shopify.dev/docs/api/shopify-cli/app/app-webhook-trigger

Use this.