I am working on integrating Shopify with a Salesforce org, I want to use the webhooks to do so, but couldn’t find a way to provide the required authentication data to use the endpoint!
I was guided by customer support to create an App under my store and find those options but I didn’t.
There’s a related issue here but couldn’t find any instructions in the mentioned docs.
Hi @BOOST-STAR
Thanks for replaying!
Currently, I am on a free dev account and I am not able to see anywhere that I can use to configure the endpoints and the auth data!
I am wondering if the account type/tier makes a difference!
under the app → Configuration → Admin API integration all I have about HTTPS API are links to docs, nothing to configure.
Hi @BOOST-STAR
Appreciate you replying again!
I did, but nothing changed! I am not sure if that would be only the first step though 
Any Luck? The webhook documentation doesnt mention anything regarding authenticating any HTTPS endpoints. There is an accepted solution for this given problem, but all it does is to pint at that same documentation. Its a simple use case..
I am integrating multiple systems with my salesforce instance so I left this one to the last.
Everyone is pointing to creating a custom app and configuring the webhook with the needed logic, but even if that’s the solution, how to deploy the code? where to keep our secrets? a lot more concerns are here… and not much in the Docs.
I tried multiple times but had no luck, what I could do was make my endpoint public and verify that the request was coming from Shopify by hashing the payload. I’ll be trying soon to do it again with my Oauth flow but if it doesn’t work will go ahead with the other solution!
Yes, I see the HMAC route as the only other viable option. But that doesnt solve the problem. The API gateway expects a JWT Token. It will not even route the request to end application
One more thing I explored is using Tasks to configure a workflow. In workflow they have option to configure a HTTP Task. Over there we can put the token in the header, but from where to generate and rotating the token if we dont have a deployable codebase
Eventually, I was able to create a custom app from the CLI and I could implement my logic in that app so I can retrieve the token and use it with the original call.
However, I am not sure I’ll go with this approach since it will require hosting this app somewhere and has its own complications, tbh I don’t believe that I have to create a whole app and host it just to write a couple of lines to get an access token and use it!! and I believe I did my homework by searching in docs about different approaches! so apparently, we don’t have that many options!
If you still want to create a custom app and put your logic on, I might guide you through what I did to have this working!
Thanks. My challenge is to integrate it with Webhooks event trigger. Token should be available at the moment of dispatching outbound request from Shopify