Has anyone who has worked with Shopify had success in verifying the HMAC passed by Shopify requests or webhooks to a WWWC app?
So far, I'm striking out.
Thanks,
Carl
wwEncryption supports HMAC hashes. But you have to know exactly how they are created to duplicate them.
+++ Rick ---
Thanks Rick,
The piece I was missing was loEncrypt.SetBinHexMode().
The computed value matched the HMAC passed by Shopify except that it was upper case. It seems rather coincidental that this is the only difference so am I right in guessing that the case does not matter?
Thanks.
Case shouldn't matter - it's a binary representation. But if it does for the provider use UPPER() or LOWER() to get it into the right case.
+++ Rick ---
Thanks, Rick.
Carl
Carl - do you mind sharing what you are doing with Shopify and WWWC? I have long been curious if anyone from our world works in theirs.
Carl - do you mind sharing what you are doing with Shopify and WWWC? I have long been curious if anyone from our world works in theirs.
Hi Michael,
Just investigating feasibility at this point.
I have a WWWC parts lookup service for pool & spa equipment that provides both interactive lookups and a JSON response for API calls. You can see it here...
Parts by Assembly
I'm looking into making an embedded app that can present point & click parts explosions in a Shopify store to enable consumers to visually find the parts they need and add them to the cart. If I can pull that off, I can provide that app to any online pool dealer with a Shopify store or help them build a Shopify store.
Right now, I'm trying to verify that I can handle all the security requirements. Verifying the HMAC is one of them.
Carl