Hi,
I am currently developing an offsite payments app, we are following the Shopify template https://github.com/Shopify/example-app–payments-app-template–remix, when we receive a payment session request or a refund session request from Shopify, we don’t get any HMAC verification info in the request body or headers, how can we make verify that the payment/refund request received on the Shopify payments app was originated from Shopify and not its not a random request from an untrusted source.
Thanks in advance.