To ensure the security of my API login details while working with Shopify and AWS Lambda, I implemented a verification method similar to the one used by Shopify webhooks. Here’s the process I used:
- Within Shopify, I utilized Liquid to construct a base64-encoded signature by combining the entire request payload with a private key.
- I sent both the payload and the encoded signature to my AWS Lambda function via the API Gateway.
- Upon receiving the payload in Lambda, I encoded the payload again using the same private key.
- I compared this newly encoded signature with the one I received. If they matched, I could confirm that the request was indeed coming from Shopify.
This method ensured that the request was authenticated and originated from Shopify before any further processing by the Lambda function.
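The Lambda side of the steps above could look like the following. This is an added example, not the author's code. It assumes the signature is the base64 of a raw HMAC-SHA256 digest (the scheme Shopify webhooks use), that it arrives in a hypothetical `X-Signature` header, that the key is read from a hypothetical `SHARED_SECRET` environment variable, and that API Gateway delivers a proxy-format event.

```python
import base64
import hashlib
import hmac
import json
import os

# Assumption: secret delivered via an environment variable; the name is hypothetical.
SECRET = os.environ.get("SHARED_SECRET", "constructed-demo-secret").encode()
SIG_HEADER = "x-signature"  # hypothetical header name, compared case-insensitively


def sign(raw_body: bytes, secret: bytes = SECRET) -> str:
    """Base64 of the raw HMAC-SHA256 digest over the exact request bytes."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()


def raw_body_of(event: dict) -> bytes:
    """Recover the bytes the sender signed; API Gateway may base64-wrap the body."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode("utf-8")


def is_authentic(event: dict, secret: bytes = SECRET) -> bool:
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    received = headers.get(SIG_HEADER)
    if not received:
        return False  # unsigned requests are rejected, never processed
    expected = sign(raw_body_of(event), secret)
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected.encode(), received.strip().encode())


def handler(event, context=None):
    if not is_authentic(event):
        return {"statusCode": 401, "body": "invalid signature"}
    payload = json.loads(raw_body_of(event))  # parse only after verification
    return {"statusCode": 200, "body": json.dumps({"ok": True, "keys": sorted(payload)})}


# Constructed sample event in API Gateway proxy format.
_body = '{"order_id": 1001, "email": "a@example.com"}'
SAMPLE_EVENT = {"headers": {"X-Signature": sign(_body.encode())}, "body": _body,
                "isBase64Encoded": False}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT)["statusCode"])
```

The signature is computed over the raw body bytes rather than a re-serialized JSON object, because any change in key order or whitespace would produce a different digest.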