What is an algorithm or formula between X-Request-Id and X-Request-Sign headers?

Shopify Apps

Topic summary

A developer is working on validating incoming requests to a custom Shopify app with a proxy endpoint. They initially tried to use the x-request-id and x-request-sign headers to verify request authenticity.

Resolution:

  • Another user clarified that signature validation should use URL query parameters, not headers
  • The official Shopify documentation on calculating digital signatures for app proxies was provided as the solution
  • The original poster confirmed this resolved their issue

Follow-up question:
A third user asked how to access the x-request-id header within the app proxy, which remains unanswered.

The discussion appears resolved for the original question, though the follow-up query about header access is still open.

Summarized with AI on November 11. AI used: claude-sonnet-4-5-20250929.
1

Trying to figure out how my custom app with proxy endpoint could validate incoming request from shop web page. For example my request contains such headers after app proxy forwarder request to custom server:

"x-request-id":"3e1a07a6-5eae-4602-a2fe-6cc023c4ca67","x-request-id-sig":"pZCC94wJi96k2NVo84H3NiayWHs="

so could you please help me figure out how my app could recalculate signature for x-request-id header to check authenticity ?

“pZCC94wJi96k2NVo84H3NiayWHs=” === sign(“3e1a07a6-5eae-4602-a2fe-6cc023c4ca67”)

Thanks!

2

Hello

You want use some header, but all data to calculate signature live in get in URL query parameters.
You should use this guide to calculate signature.

https://shopify.dev/apps/online-store/app-proxies#calculate-a-digital-signature

1 Like
3

BorisD,

I did miss it :sweat_smile:

thanks a lot!

4

Hi @Maksym_Hniedko

How can we get the x-request-id header in the proxy app ?