Closed RohanKambleDev closed 4 months ago
Hi team, we received a follow up request for this issue, do we have any updates? Thank you!
Hi there 👋
I see that you have pretty much figured out the issue, that you are getting this error because the webhooks are signed with a different key than the app expects.
The app is expecting to receive webhooks that's subscriptions were created by the app, and signed with the apps key.
Instead of creating the webhook subscriptions in the Admin UI, you will want to create the webhook subscriptions programatically with the App.
You can see an example of programatically creating the webhook subscription in the provided app code here.
Hey @RohanKambleDev
I would also like to point out that it is important to keep your secret keys secret. Revealing your secret keys could mean that someone else could send webhooks to your app as if they were Shopify.
Please review the following documentation.
Issue summary
I have created a Shopify Custom app through Partner's Dashboard and installed it on my development store.
I am using the App's Client Credentials from the Partner's Dashboard
In the custom app I want to develop a feature that fires a 3rd party API call whenever an order is created on Shopify for that I created a webhook here - https://admin.shopify.com/store/**your-store-name**/settings/notifications/webhooks - (refer to attached image)
Expected behaviour
This works well if I use SHOPIFY_WEBHOOK_SECRET on line number 42 of the below file https://github.com/Shopify/shopify-app-template-php/blob/main/web/app/Providers/AppServiceProvider.php here SHOPIFY_WEBHOOK_SECRET=f4aa6d1997c24f65f20b05eaac7234eba1be5c82ef73f28e2f603f7f081df20b which is please refer to attached image
but if I use the above key then the actual app stops working - that means the custom app does other things as well they stop working due to below error
because the app was created on Partner's Dashboard and so the client credentials needed for the App to correctly function should come from Partner's Dashboard
With this, can we say that there is a bug to validate webhook HMAC in the repo that can be fixed by making some changes on - web/vendor/shopify/shopify-api/src/Webhooks/Registry.php - Line number 286 - we can update the function validateProcessHmac with the correct key for the webhooks to validate
Actual behaviour
Now for testing, we can trigger this webhook by clicking "Sent test" here (refer to attached image)
but we get below error
Now as per this issue - https://github.com/Shopify/shopify-app-template-php/issues/64 I get it what @paulomarg mentioned in the comment here - https://github.com/Shopify/shopify-app-template-php/issues/64#issuecomment-982793615
so I tried creating an order via the actual process of purchasing the product from the storefront
but still, I get the same error
Steps to reproduce the problem
tail -f web/storage/logs/laravel.log
Reduced test case
Checklist