What is an algorithm or formula between X-Request-Id and X-Request-Sign headers?

Maksym_Hniedko · July 4, 2022, 1:27pm

Trying to figure out how my custom app with proxy endpoint could validate incoming request from shop web page. For example my request contains such headers after app proxy forwarder request to custom server:

"x-request-id":"3e1a07a6-5eae-4602-a2fe-6cc023c4ca67","x-request-id-sig":"pZCC94wJi96k2NVo84H3NiayWHs="

so could you please help me figure out how my app could recalculate signature for x-request-id header to check authenticity ?

“pZCC94wJi96k2NVo84H3NiayWHs=” === sign(“3e1a07a6-5eae-4602-a2fe-6cc023c4ca67”)

Thanks!

BorisD · July 13, 2022, 5:21pm

Hello

You want use some header, but all data to calculate signature live in get in URL query parameters.
You should use this guide to calculate signature.

https://shopify.dev/apps/online-store/app-proxies#calculate-a-digital-signature

Maksym_Hniedko · July 15, 2022, 5:04pm

BorisD,

I did miss it

thanks a lot!

Xen-dev · March 25, 2024, 6:50pm

Hi @Maksym_Hniedko

How can we get the x-request-id header in the proxy app ?

Topic		Replies	Views
App Proxy Signature Change? Tools	2	34	October 12, 2023
Private App Proxy HMAC Validation Issue Store Design	2	24	October 14, 2018
Invalid Signature for App Proxy Authentication troubleshooting	0	30	February 20, 2024
Getting the x-request-id using the Ruby API gem Graphql Basics And Troubleshooting Setting-Up	1	20	December 16, 2022
Im having problem with the proxy signature verification Shopify Apps	1	25	December 27, 2020

What is an algorithm or formula between X-Request-Id and X-Request-Sign headers?

Related topics