Try to search your question here, if you can't find : Ask Any Question Now ?

How to fix HMAC validation for Shopify app/uninstall webhook using node and koa?

HomeCategory: stackoverflowHow to fix HMAC validation for Shopify app/uninstall webhook using node and koa?
Avatarwillson asked 5 months ago

I’ve followed the guide at https://help.shopify.com/en/api/getting-started/webhooks#verify-webhook along with some other threads and I think I’m following the same method outlined but the hash I generate ends up different from the one provided in the headers. My approach is to take the request body, JSON stringify it, create an SHA256 hmac from it, and then base64 encode it:

const verifyWebhook = (hmac, requestBody, secretKey) => {
  const providedHmac = Buffer.from(hmac, 'utf-8').toString();
  const myHmac = Buffer.from(
    crypto
      .createHmac('sha256', secretKey)
      .update(JSON.stringify(requestBody))
      .digest('hex'),
        'utf-8',
       ).toString('base64');

  return myHmac === providedHmac
}

verifyWebhook(ctx.request.headers['x-shopify-hmac-sha256'], ctx.request.body, secretKey);

What am I doing wrong?

Edit:

I tried switching the .digest(‘hex’) to .digest(‘base64’) and although the hash looks closer to matching it’s still off too.

1 Answers
Best Answer
AvatarMannu answered 5 months ago
Your Answer

7 + 13 =

Popular Tags

WP Facebook Auto Publish Powered By : XYZScripts.com