How to test webhooks re: HTTP_X_SHOPIFY_HMAC_SHA256
270 views
Skip to first unread message
Dani
Jun 6, 2011, 1:48:30 PM6/6/11
to shopify-api
According to the documentation, when receiving a post from a webhook,
there will be a request header named HTTP_X_SHOPIFY_HMAC_SHA256 that
should be used to authenticate the request.
My question is how to test this? When I click 'send test
notification' for orders/create webhook, or even place an actual order
in the test store, this request header is not present. How to test
the code that extracts the header and does the HmacSHA256
authentication?
there will be a request header named HTTP_X_SHOPIFY_HMAC_SHA256 that
should be used to authenticate the request.
My question is how to test this? When I click 'send test
notification' for orders/create webhook, or even place an actual order
in the test store, this request header is not present. How to test
the code that extracts the header and does the HmacSHA256
authentication?
David Underwood
Jun 6, 2011, 1:59:44 PM6/6/11
to shopi...@googlegroups.com
Hi Dani,
The verification header is only sent on webhooks created through the API. This is because the signature is app specific (it relies on the shared secret for hashing) and so if the webhook is created through the admin interface there is no way for the system to know which app to associate it with. Hope that helps.
-David Underwood
Developer Advocate, Shopify
1-888-746-7439 x771
The verification header is only sent on webhooks created through the API. This is because the signature is app specific (it relies on the shared secret for hashing) and so if the webhook is created through the admin interface there is no way for the system to know which app to associate it with. Hope that helps.
-David Underwood
Developer Advocate, Shopify
1-888-746-7439 x771
Reply all
Reply to author
Forward
0 new messages