Closed ricardobrg closed 1 year ago
Before handling any API calls from Shopify, the signature must be verified.
This is how it is done for webhooks: https://shopify.dev/docs/apps/webhooks/configuration/https#step-5-verify-the-webhook And for installation request: https://shopify.dev/docs/apps/auth/oauth/getting-started#step-2-verify-the-installation-request
It should be used as a middleware in each route.
Use the webcrypto lib for cryptographic functions.
Before handling any API calls from Shopify, the signature must be verified.
This is how it is done for webhooks: https://shopify.dev/docs/apps/webhooks/configuration/https#step-5-verify-the-webhook And for installation request: https://shopify.dev/docs/apps/auth/oauth/getting-started#step-2-verify-the-installation-request
It should be used as a middleware in each route.
Use the webcrypto lib for cryptographic functions.