Some days we receive a bunch of requests from Shopify on our webhooks. these come from test shops like cambridgetestshop and aglio-e-olio.
we notice that all of these are failed by our backend with “invalid signature”. that is, that payload doesn’t match the hmac256 from our end, which we calculate with our app secret.
is this normal behavior?