In re-testing it, x-request-id does not exist in the request header. Not sure if this is expected.
But anyway, I will contact Partner Support then. Thanks.
Topic summary
A developer is experiencing HMAC verification failures when validating Shopify CarrierService API requests for custom shipping rates in a Node.js app.
Current Issue:
- The verification code works correctly on a dummy/development store (Free plan)
- Same code fails on the production store (Advanced Shopify plan)
- Uses standard HMAC-SHA256 verification with
x-shopify-hmac-sha256header and API secret key
Troubleshooting Steps:
- Developer retrieves secret keys from both stores’ configuration pages
- Upon re-testing, discovered
x-request-idheader doesn’t exist in requests
Recommended Solution:
Shopify support suggested contacting the Partner Support team through the Partner Dashboard (not App support, since this is an unpublished custom app). Support can verify correct scopes are applied and check detailed logs using the x-request-id, though its absence may complicate debugging.
Status: Unresolved - developer plans to contact Partner Support for further investigation into why identical verification logic behaves differently across store plans.