Why is my app not verifying Shopify request authenticity during installation?

We got the following message from Shopify for our app:

========================================================================================

App must verify the authenticity of the request from Shopify.
Your app does not request installation on the shop immediately after clicking “add app”. Apps must ask a shop for access when being installed on a shop for the first time, as well as when they are being reinstalled after having been removed. During install or reinstall we expected OAuth to be initiated at https://cambridgetestshop.myshopify.com/admin/oauth/request_grant but was redirected to https://apokto.herokuapp.com/homes/connect_to_shopify?hmac=578bbad063c2c252d42b8629a54381c1364d9ce2b….

When we test the app from "Test app" on a development store, it redirects to our application (https://apokto.herokuapp.com/homes/connect_to_shopify) and then redirects to the Shopify page that asks to install the app (https://apokto-test.myshopify.com/admin/oauth/request_grant).

Are there any other settings required related to that?

Hi, on your endpoint where you are receiving requests from Shopify, you need to check their HMAC. If it's from Shopify, then process it; otherwise return 401.
There are plenty of solutions online for each language.

1 Like
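
The HMAC check described in the answer above, as an added example (not code from either poster or from Shopify). It assumes the signed message is every query parameter except `hmac`, sorted and joined as `key=value` pairs with `&`, and signed with HMAC-SHA256 under the app's API secret; `API_SECRET`, the function names and the sample shop are constructed.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qsl

# Constructed placeholder; the real value is the app's API secret key.
API_SECRET = "constructed-example-secret"

# Shop domains are expected to look like <name>.myshopify.com.
SHOP_RE = re.compile(r"[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com")


def expected_hmac(params, secret):
    """HMAC-SHA256 over the sorted key=value pairs, excluding hmac itself."""
    message = "&".join(f"{k}={v}" for k, v in sorted(params) if k != "hmac")
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def is_from_shopify(query_string, secret):
    """True only if the query string carries a valid hmac for this secret."""
    params = parse_qsl(query_string, keep_blank_values=True)
    supplied = [v for k, v in params if k == "hmac"]
    shops = [v for k, v in params if k == "shop"]
    # Reject missing or duplicated hmac/shop parameters outright.
    if len(supplied) != 1 or len(shops) != 1:
        return False
    if not SHOP_RE.fullmatch(shops[0]):
        return False
    # Compare as bytes, in constant time, so odd input cannot raise or leak.
    expected = expected_hmac(params, secret).encode()
    return hmac.compare_digest(expected, supplied[0].encode())


def status_for(query_string, secret=API_SECRET):
    """Status the endpoint should answer with: process (200) or reject (401)."""
    return 200 if is_from_shopify(query_string, secret) else 401


def sign(query_string, secret=API_SECRET):
    """Demo helper: append the hmac a genuine request would carry."""
    params = parse_qsl(query_string, keep_blank_values=True)
    return f"{query_string}&hmac={expected_hmac(params, secret)}"


if __name__ == "__main__":
    good = sign("shop=example-shop.myshopify.com&timestamp=1700000000")
    print(status_for(good), status_for(good + "&extra=1"))
```

Run the check before any other processing of the request, and only after it passes continue to the OAuth step.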