Webhooks on shopify_appi ruby app, not working.

Shopify Apps

Topic summary

A developer is attempting to implement a products/update webhook in a Shopify Ruby app but encountering routing and security issues.

Current Setup:

  • Webhook configured in initializer for products/update topic pointing to webhooks/products_update path
  • Controller created to handle webhook data by parsing JSON from request body
  • Route defined as post 'webhooks/products_update'

The Problem:

  • The app receives webhook events when products are updated in the store
  • However, errors occur: ActionController::RoutingError (No route matches [POST] "/")
  • Additional error: “Cannot render console from 43.123.161.6! Allowed networks: 127.0.0.0/127.255.255.255, ::1”

Key Issue:
The routing error suggests webhooks may be hitting the wrong endpoint (“/” instead of the configured path). The developer suspects missing security validation steps, particularly around webhook verification/authentication, as indicated by skip_before_action :verify_authenticity_token in the controller.

The discussion remains open with no resolution yet provided.

Summarized with AI on November 17. AI used: claude-sonnet-4-5-20250929.
1

Hello.

I am trying to subscribe to the products/update Webhook topic within my app. I am getting the event but I think I need an extra step (maybe security stuff?) to make it work properly.

This is my initializer:

# frozen_string_literal: true

ShopifyApp.configure do |config|
config.webhooks = [
{ topic: 'products/update', path: 'webhooks/products_update' }
]
config.application_name = "caffeinesync"
config.old_secret = ""
config.scope = "read_products, read_orders, write_orders" # Consult this page for more scope options:
# https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
config.embedded_app = true
config.after_authenticate_job = false
config.api_version = "2023-07"

config.reauth_on_access_scope_changes = true

config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence
config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence

if defined? Rails::Server
raise('Missing SHOPIFY_API_KEY. See https://github.com/Shopify/shopify_app#requirements') unless config.api_key
raise('Missing SHOPIFY_API_SECRET. See https://github.com/Shopify/shopify_app#requirements') unless config.secret
end
end

Rails.application.config.after_initialize do
if ShopifyApp.configuration.api_key.present? && ShopifyApp.configuration.secret.present?
ShopifyAPI::Context.setup(
api_key: ShopifyApp.configuration.api_key,
api_secret_key: ShopifyApp.configuration.secret,
api_version: ShopifyApp.configuration.api_version,
host: ENV['HOST'],
scope: ShopifyApp.configuration.scope,
is_private: !ENV.fetch('SHOPIFY_SHOP_NAME', '').empty?,
is_embedded: ShopifyApp.configuration.embedded_app,
logger: Rails.logger,
private_shop: ENV.fetch('SHOPIFY_SHOP_NAME', nil),
user_agent_prefix: "ShopifyApp/#{ShopifyApp::VERSION}"
)

ShopifyApp::WebhooksManager.add_registrations
end
end

My route:

# frozen_string_literal: true

Rails.application.routes.draw do
get '/products', to: 'products#index'
post '/webhooks/square', to: 'square_webhooks#handle_event'
post '/webhooks/products_update', to: 'webhooks#products_update'
end

My controller:

# app/controllers/webhooks_controller.rb
class WebhooksController < ApplicationController
#skip_before_action :verify_authenticity_token

def products_update
data = JSON.parse(request.body.read)
# Process the data from the webhook here
# You can access the event details using 'data' variable
# Example: event_type = data['event']

# Your processing code here

head :no_content
end
end

When I change some product on my store, my app receives the event, but get an error:

Started POST "/" for 34.123.161.6 at 2023-08-17 16:37:34 -0300
Cannot render console from 34.123.161.6! Allowed networks: 127.0.0.0/127.255.255.255, ::1

ActionController::RoutingError (No route matches [POST] "/"):

Started POST "/" for 34.123.161.6 at 2023-08-17 16:38:37 -0300
Cannot render console from 34.123.161.6! Allowed networks: 127.0.0.0/127.255.255.255, ::1

ActionController::RoutingError (No route matches [POST] "/"):

Started POST "/" for 34.123.161.6 at 2023-08-17 16:39:24 -0300
Cannot render console from 34.123.161.6! Allowed networks: 127.0.0.0/127.255.255.255, ::1

ActionController::RoutingError (No route matches [POST] "/"):

Can someone help me with that?