Shopify provides examples in Ruby and PHP to accomplish this. In my node/express app I try:
// Attempt 1: the HMAC input is a new string built by querystring.stringify()
// from req.body, so the digest covers that re-serialized string rather than
// the bytes that arrived in the request.
var data = querystring.stringify(req.body);
// NOTE: `new Buffer(...)` is deprecated in Node.js; Buffer.from(data, 'utf8') is the replacement.
var calculatedSha256 = crypto.createHmac("SHA256", APP_SECRET).update(new Buffer(data, 'utf8')).digest('base64');
and also
// Attempt 2: the HMAC input is req.body itself.
// NOTE(review): if a body parser has already run, req.body is presumably the
// parsed object, not the raw payload — confirm against the app's middleware.
var data = req.body;
// NOTE: `new Buffer(...)` is deprecated in Node.js; Buffer.from(...) is the replacement.
var calculatedSha256 = crypto.createHmac("SHA256", APP_SECRET).update(new Buffer(data, 'utf8')).digest('base64');
but neither of them produces a string identical to the one Shopify sends as a signature.
A bit old, but figured I'd post my solution:
var express = require('express')
, bodyParser = require('body-parser')
, crypto = require('crypto');
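var app = express();

// Placeholder value: load the app's shared secret from configuration or the
// environment instead of committing it to source.
var SHARED_SECRET = 'SHARED_SECRET';

// The signature is an HMAC over the exact bytes of the request body, so it is
// computed in body-parser's `verify` hook, which receives the raw buffer
// before any JSON parsing takes place.
app.use(bodyParser.json({
  verify: function (req, res, buf, encoding) {
    // Store the digest on a server-side property, never in req.headers.
    // Headers are client-controlled, and `verify` is not invoked for requests
    // the JSON parser skips (no body, or a non-JSON content type), so a header
    // slot would then still hold whatever value the client supplied.
    req.generatedSignature = crypto.createHmac('sha256', SHARED_SECRET)
      .update(buf)
      .digest();
  }
}));

/**
 * Webhook endpoint: accepts the request only when the HMAC computed over the
 * raw body matches the base64 value in the `x-shopify-hmac-sha256` header.
 * Responds 401 on any mismatch or when no digest was computed, 200 otherwise.
 */
app.post('/webhook', function (req, res) {
  var expected = req.generatedSignature;
  var received = Buffer.from(String(req.headers['x-shopify-hmac-sha256'] || ''), 'base64');

  // Fail closed when no digest exists for this request. The length check comes
  // first because crypto.timingSafeEqual throws on buffers of unequal length;
  // the constant-time compare avoids leaking how many leading bytes matched.
  if (!expected ||
      received.length !== expected.length ||
      !crypto.timingSafeEqual(received, expected)) {
    return res.status(401).send('Invalid Signature');
  }

  // Signature verified: handle req.body here, then acknowledge so the request
  // does not hang waiting for a response.
  return res.sendStatus(200);
});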
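Apparently the trick is to use the raw POST body, as described here: middleware for saving raw post data in the request object won't "next" and cause timeout. The signature is an HMAC over the exact bytes of the request body, so a body that has been parsed and then re-serialized will generally not reproduce it.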