shopify how to validate webhook with nodejs

so in a previous video i demonstrated,how to use the shopify api to create a,web book and send those web books to,your local development environment by,generating a web book url that tunnels,all of shopify's workbook requests to,your local environment i have provided a,link to that video in the description as,a reference but in this video we're,going to be demonstrating how to verify,that our web books are indeed coming,from shopify shopify provides a header,the,x shopify h mark,sha256 editor,with a,signature for us to verify that our,workbooks are indeed originating from,shopify so in this video we're going to,be looking at how to implement the,verification in code so back to vs code,i'm just going to go to my server.js,and here in server.js i've defined a,couple of variables,the signature editor name which is,shopify h mark shaft 256,the,algorithm which is sha256 and the secret,this is the secret key that we need to,verify our web books,and we scroll down we have the code that,validates that the web book is indeed,coming from shopify but this code is,currently commented out that is why we,are currently successfully receiving our,workbooks without,any authentication check,so let's uncomment this code,and see what happens,just going to,move the comment,save,then to effect the changes i'm going to,go to,where my server is running,and,restart the server so that the change is,kicking,good,now i need to trigger my,web request once again,to inspect what will happen with the,verification check in place,so to do that i'm just going to go to,the event page,and click the retry button just going to,retry the web book,as you can see event is killed for retry,if we scroll down to the attempt section,we see the second attempt and as you can,see we now have a 500 arrow,if i click,that status we see a message here that,says that request body digest,this value,did not match the one that is been sent,by shopify,meaning that we are currently filling,the authentication check,now that's is not a mystery because if,you scroll up here you'll see that i'm,currently using a placeholder for the,secret key this secret key is required,for you to verify your workbook payload,this secret key along with the hmac,algorithm is used to calculate the,signature that is being sent in this,header so what happens when you receive,a web book you take this secret key the,same secret key that shopify used to,calculate the signature and you use it,to compute the same signature,as,that's been done here and then compare,the one that has been sent in the header,with the one that you just calculated if,you get a match then your web books are,originating from shopify,if you don't get the match then the,payload has been tampered with so how do,we get this secret key,how do we get this secret key and ensure,that we are using the right secret key,to compute our signature to do that in,the previous video we created a shopify,app a shopify private app so i'm on the,apps page i'm going to create i'm going,to click manage private apps rather,and go to my app,click on purchase api logo that's my app,and i'm going to scroll down and this is,the key that you need to verify your web,books as you can see secrets are used to,validate the integrity of web books,so one thing to note before we proceed,is that if you are using the shopify,admin to create your web books,this is the token that you would need,this is the secret rather that you will,need to verify your web books you'll,find the secret here in your shopify,admin under the web book section that's,under your listed web books you'll find,the secret here it says all your books,will be signed with,this secret,so you can verify their integrity so if,you are using the shopify admin to set,up web books this is the secret you're,going to use but if you're using the,shopify api you will need to create an,app and get the secret from the app,so this is going to be the shared secret,to validate your web books so i'm just,going to copy that,and go to my code and replace this,placeholder with the right value,so i'm going to save that once again,i'll go to my server,shut it down,and boot it back up,good now that my server is running once,again and go back to the event page and,we try for another attempt,as you can see the attempt is loading,loading loading and now we pass now we,have a 201 status code and our web book,is successfully logged

Congratulation! You bave finally finished reading shopify how to validate webhook with nodejs and believe you bave enougb understending shopify how to validate webhook with nodejs

Come on and read the rest of the article!