Move to HMAC verification of webhooks

Open psolbach opened this issue 1 year ago • 0 comments

I propose to move to verifying the HMAC hashed signature provided by Shopify as explained in the docs. This would be a lot safer than transmitting a plain secret as a query param. The header in question is "x-shopify-hmac-sha256". Should I provide the implementation?

Source: https://shopify.dev/docs/apps/build/webhooks/subscribe/https

psolbach, Oct 23 '24 13:10
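
A sketch of the check proposed in this issue, added here as an example; it is not code from the issue author or from this project. It assumes the signature in `x-shopify-hmac-sha256` is the base64-encoded HMAC-SHA256 of the raw request body keyed with the app's secret, and that the handler has the unparsed body bytes; the function names, secret and payload are constructed for illustration.

```python
import base64
import hashlib
import hmac

HMAC_HEADER = "x-shopify-hmac-sha256"  # header named in the issue


def compute_signature(secret: str, raw_body: bytes) -> str:
    """Base64-encoded HMAC-SHA256 of the raw request body (assumed scheme)."""
    digest = hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_webhook(secret: str, raw_body: bytes, headers: dict) -> bool:
    """Return True only when the header signature matches the body bytes."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    received = lowered.get(HMAC_HEADER)
    if not received:
        return False  # fail closed: an unsigned request is rejected
    expected = compute_signature(secret, raw_body)
    # Constant-time comparison; bytes on both sides so a non-ASCII
    # header value yields False instead of raising TypeError.
    return hmac.compare_digest(expected.encode("ascii"),
                               received.strip().encode("utf-8"))


if __name__ == "__main__":
    secret = "constructed-test-secret"                # constructed sample
    body = b'{"id":1001,"topic":"orders/create"}'     # constructed sample
    good = {"X-Shopify-Hmac-SHA256": compute_signature(secret, body)}

    print("valid request:      ", verify_webhook(secret, body, good))
    # Re-serialising parsed JSON changes the bytes and breaks the MAC,
    # which is why the handler must hash the body exactly as received.
    print("re-serialised body: ", verify_webhook(secret, body + b"\n", good))
    print("missing header:     ", verify_webhook(secret, body, {}))
```

The secret then stays on the server and never appears in a URL, so it does not end up in access logs or proxy logs the way a query parameter does.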