Comments (4)
amitavroy
commented on June 27, 2024
1
Hi @paulomarg I couldn't understand the reason why the key used during the test notification will be different.
However, what I understood from your response is that ideally if the order was created from the development store, it should have validated. And, based on this understanding, I did create a few orders through the Bogus payment gateway. However, even then the validation is failing.
However, when I looked at the sample codes on shopify dev docs: https://shopify.dev/apps/webhooks/configuration/https#step-5-verify-the-webhook
In the PHP code, verify_webhook function uses "hash_equals" function rather than the !== on line 282
https://github.com/Shopify/shopify-api-php/blob/main/src/Webhooks/Registry.php#L282
So, I am a bit confused where I am getting this wrong. A little bit of help in this would be very helpful.
from shopify-app-template-php.
paulomarg
commented on June 27, 2024
Hi @katielgc, unfortunately, that feature for manually dispatching a webhook call won't work with apps. Because it's a store feature, it will create an HMAC signature using that key you mentioned, rather than the app's secret key (which is what the app would expect).
In order to be able to test your app webhook for order creation, you'd need to create an order in your development store, and Shopify will automatically fire the webhook to your app.
Since this is not a bug in the library code, I'm closing the issue, but please feel free to open a new issue if you have any further problems.
from shopify-app-template-php.
katielgc
commented on June 27, 2024
Thanks @paulomarg for your quick response I see what you mean and appreciate you letting me know 🥇
from shopify-app-template-php.
thaild
commented on June 27, 2024
Hi @paulomarg I couldn't understand the reason why the key used during the test notification will be different.
However, what I understood from your response is that ideally if the order was created from the development store, it should have validated. And, based on this understanding, I did create a few orders through the Bogus payment gateway. However, even then the validation is failing.
However, when I looked at the sample codes on shopify dev docs: https://shopify.dev/apps/webhooks/configuration/https#step-5-verify-the-webhook
In the PHP code, verify_webhook function uses "hash_equals" function rather than the !== on line 282 https://github.com/Shopify/shopify-api-php/blob/main/src/Webhooks/Registry.php#L282
So, I am a bit confused where I am getting this wrong. A little bit of help in this would be very helpful.
you can find in .myshopify.com/admin/settings/notifications page under Webhooks section that says "All your webhooks will be signed with <key> so you can verify their identity."
You can use key as API_SECRET_KEY to validate HMAC
from shopify-app-template-php.
Related Issues (20)
- Running with a static url in development, issue with FRONTEND_PORT
- No guidance on setting up and using webhooks with shopify-app-template-php HOT 1
- Access scope related issue HOT 1
- Shopify\Utils::sanitizeShopDomain(): Argument #1 ($shop) must be of type string, null given, called in C:\laragon\www\shopify-first-app\web\app\Lib\AuthRedirection.php on line 17 HOT 3
- unable to get depolyed app with apache to wrok HOT 1
- Connect APP to Database phpMyAdmin
- ERROR Cannot read properties of null (reading 'useContext') [Fresh Installation] HOT 1
- How can add page before showing install app page in ??
- How can show page before showing install app page ??
- Shop is null while checking if app is installed
- ERROR WHILE RUNNING NPM RUN DEV HOT 3
- [Urgent] Getting 404 when installed from Shop Admin Uninstalled App
- Error coming from `composer serve` WHILE RUNNING > npm run dev HOT 1
- Session Storage Not Working Perfactly On DEV Mode
- @shopify_app-bridge-react does not provide an export HOT 3
- Custom App with error Warning: 1265 Data truncated for column 'id' for the session table
- Upgrade shopify cli and app depedencies
- Lack of support here is really difficult for us php devs using Shopify, we cant all switch to remix. HOT 2
- Got invalid webhook request for topic 'orders/create': Could not validate webhook HMAC HOT 3
- Uninstall App feature not working
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from shopify-app-template-php.