Has anyone who has worked with Shopify had success in verifying the HMAC passed by Shopify requests or webhooks to a WWWC app?
So far, I'm striking out.
Thanks,
Carl
wwEncryption supports HMAC hashes. But you have to know exactly how they are created to duplicate them.
+++ Rick ---
Thanks Rick,
The piece I was missing was loEncrypt.SetBinHexMode()
.
The computed value matched the HMAC passed by Shopify except that it was upper case. It seems rather coincidental that this is the only difference so am I right in guessing that the case does not matter?
Thanks.
Case shouldn't matter - it's a binary representation. But if it does for the provider use UPPER()
or LOWER()
to get it into the right case.
+++ Rick ---
Carl - do you mind sharing what you are doing with Shopify and WWWC? I have long been curious if anyone from our world works in theirs.
Carl - do you mind sharing what you are doing with Shopify and WWWC? I have long been curious if anyone from our world works in theirs.
Hi Michael,
Just investigating feasibility at this point.
I have a WWWC parts lookup service for pool & spa equipment that provides both interactive lookups and a JSON response for API calls. You can see it here...
Parts by Assembly
I'm looking into making an embedded app that can present point & click parts explosions in a Shopify store to enable consumers to visually find the parts they need and add them to the cart. If I can pull that off, I can provide that app to any online pool dealer with a Shopify store or help them build a Shopify store.
Right now, I'm trying to verify that I can handle all the security requirements. Verifying the HMAC is one of them.
Carl