HMAC signature is undefined

Peter_Nyboer
Visitor
1 0 0

I have a nodejs app that gets order callbacks from our shopify store. It is working fine, but I've gotten several errors today from orders that come in and the signature (result from req.get('X-Shopify-Hmac-Sha256'); ) is "undefined".

Why would this be? What is this source of this POST request? Here's a code snippet.

 

// We'll compare the hmac to our own hash
    hmac = req.get('X-Shopify-Hmac-Sha256');
    console.log(`signature from order post: ${hmac}`);
    // Use raw-body to get the body (buffer)
    const body = JSON.stringify(req.body);
    if(SENDJSON===true){
      sendOrderEmail(body);
    }
    // Create a hash using the body and our key
    hash = crypto
      .createHmac('sha256', SHOPSECRET)
      .update(req.rawbody, 'utf8', 'hex')
      .digest('base64');

 

The log is showing this:

signature from order post: undefined

 

where it would normally show the actual signature. 
Anybody ever see this in their apps? Clearly I'm getting posts that are unsigned, would would indicate some sort of bad actor doing bad things! Any recommendations on what action I might want to take here? 

Reply 1 (1)

Girish_Rajwani
Shopify Partner
78 2 8

Even i am facing the same issue. Did you found any solution?

*Girish Rajwani - Shopify Expert
*Was this helpful? Click Like to let us know!
*Was your question answered? Mark it as an Accepted Solution.
*My Shopify Apps: https://apps.shopify.com/partners/girish-rajwani