Webhook validation in python

585 views
Skip to first unread message

Matt C

unread,
Sep 6, 2012, 12:07:16 PM9/6/12
to shopify-a...@googlegroups.com
Hi all - I wanted to post a little example of how I am validating my webhooks for a django app in the event it's useful.

import hashlib,base64,hmac

def is_shopify_hmac(data,secret,headerval):
    ''' Validates the HMAC signature from shopify. If not there, deny request.'''
    hm = hmac.new(secret,data,hashlib.sha256)
    hm_digest_verify = base64.b64encode(hm.digest())
    if hm_digest_verify != headerval:
        return False
    else:
        return True

the arguments are:
data -> post body data
secret -> shared secret
headerval -> the HMAC  header value from the X-Shopify-Hmac-Sha256 header.

Hope it's useful for someone, seems to work for me :)

--Matt

David Underwood

unread,
Sep 6, 2012, 12:35:41 PM9/6/12
to shopify-a...@googlegroups.com
Hey Matt,

Thanks for sharing! Could you integrate this into the official example and submit a pull request on Github? I'd love to see this available by default. Thanks!

-David Underwood
 Developer Advocate, Shopify



--Matt

--
 
 
 

Matt Cauthorn

unread,
Sep 6, 2012, 3:33:07 PM9/6/12
to shopify-a...@googlegroups.com
Will do. 

Sent from my iPhone
--
 
 
 
Reply all
Reply to author
Forward
0 new messages