Webhook validation in python
585 views
Skip to first unread message
Matt C
Sep 6, 2012, 12:07:16 PM9/6/12
to shopify-a...@googlegroups.com
Hi all - I wanted to post a little example of how I am validating my webhooks for a django app in the event it's useful.
import hashlib,base64,hmac
def is_shopify_hmac(data,secret,headerval):
''' Validates the HMAC signature from shopify. If not there, deny request.'''
hm = hmac.new(secret,data,hashlib.sha256)
hm_digest_verify = base64.b64encode(hm.digest())
if hm_digest_verify != headerval:
return False
else:
return True
the arguments are:
data -> post body data
secret -> shared secret
headerval -> the HMAC header value from the X-Shopify-Hmac-Sha256 header.
Hope it's useful for someone, seems to work for me :)
--Matt
import hashlib,base64,hmac
def is_shopify_hmac(data,secret,headerval):
''' Validates the HMAC signature from shopify. If not there, deny request.'''
hm = hmac.new(secret,data,hashlib.sha256)
hm_digest_verify = base64.b64encode(hm.digest())
if hm_digest_verify != headerval:
return False
else:
return True
the arguments are:
data -> post body data
secret -> shared secret
headerval -> the HMAC header value from the X-Shopify-Hmac-Sha256 header.
Hope it's useful for someone, seems to work for me :)
--Matt
David Underwood
Sep 6, 2012, 12:35:41 PM9/6/12
to shopify-a...@googlegroups.com
Hey Matt,
Thanks for sharing! Could you integrate this into the official example and submit a pull request on Github? I'd love to see this available by default. Thanks!
-David Underwood
Developer Advocate, Shopify
--Matt
--
Matt Cauthorn
Sep 6, 2012, 3:33:07 PM9/6/12
to shopify-a...@googlegroups.com
Will do.
Sent from my iPhone
Sent from my iPhone
--
Reply all
Reply to author
Forward
0 new messages