Mandatory GDPR webhook - advice on implementation

Shopify Apps

Topic summary

Issue: A developer’s embedded Shopify app (Node.js + React via Shopify CLI) is not receiving the GDPR webhook when testing via the test store’s “Request customer data” button; the expected console log (“CUSTOMER DATA REQUEST”) never appears, suggesting a routing/registration problem.

Context: GDPR webhooks are mandatory in Shopify apps to handle customer data access/erasure requests. The developer suspects misconfigured routing between the Shopify GDPR topic and the app’s webhook handler.

Details shared:

  • Code structure and routes (index.js), GDPR handler logic (gdpr.js), and webhook registration (shopify.js).
  • Partner Dashboard app settings configuration.
  • Evidence provided only as screenshots; these images/code snippets are central to diagnosing the issue.

Ask: Advice on the correct implementation and routing for GDPR webhooks so the handler is invoked and logs appear.

Status: No responses or solutions yet; the thread remains open with unresolved questions about proper webhook routing/registration.

Summarized with AI on January 31. AI used: gpt-5.
1

Dear Community,

I’m developing an embedded app with Node.js and React (using boilerplate code generated by Shopify CLI).

The problem is that when I want to test my GDPR webhooks implementation by hitting Request customer data button in the test store, I don’t see ‘CUSTOMER DATA REQUEST’ in the console, so it seems something is wrong with routing.

Could you advice on the correct implementation, please?

Thank you!

My implementation:

  1. index.js:

path.png
path.png1228×234 25.5 KB

  1. gdpr.js:

handler.png
handler.png1028×1192 122 KB

  1. shopify.js:

shopify-node.png
shopify-node.png1568×876 102 KB

  1. App settings in Partner’s dashboard:

shopify.png
shopify.png1880×630 73.2 KB