Databases
StackOverflow2013
Postsdbo
POShopify verify webhook call in Scala
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POShopify verify webhook call in Scala
    text
    copied!<p>I'm implementing a simple web service for a Shopify webhook to call using Play2. I want to verify the call is from Shopify using the 'X-Shopify-Hmac-Sha256' header parameter included.</p> <p>The Shopify docs only contain a Ruby and Php samples, not too hard to translate I thought. Well I seem to be struggling.</p> <p>Here is my simple Scala shopify util object:</p> <pre><code> import play.api.mvc.Request import play.api.mvc.AnyContent import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec import play.api.Logger import javax.crypto.SecretKey import org.apache.commons.codec.binary.Base64 object ShopifyUtils { def verifyWebhookCall(request : Request[AnyContent], secretKey: String) : Boolean = { if (!request.headers.get("X-Shopify-Hmac-Sha256").isDefined) false else { val headerHash = request.headers.get("X-Shopify-Hmac-Sha256").getOrElse("") val body = request.body.asJson.get.toString Logger.info("json '" + request.body.asJson.get.toString + "' = " + encode(secretKey, request.body.asJson.get.toString) ); Logger.info("body '" + request.body.toString() + "' = " + encode(secretKey, request.body.toString) ) Logger.info("headerHash " + headerHash); val calcHash = encode(secretKey, body) headerHash.equals(calcHash) } } def encode(key: String , data: String): String = { val sha256_HMAC = Mac.getInstance("HmacSHA256"); val secret_key = new SecretKeySpec(key.getBytes(), "HmacSHA256"); sha256_HMAC.init(secret_key); return new String( Base64.encodeBase64( sha256_HMAC.doFinal( data.getBytes ) ) ).trim } } </code></pre> <p>The hash I generate is never the same as the one Shopify sends. </p> <p>Either my shared secret key is wrong (which I don't see how it can be) or I'm not hashing the same content as Shopify does (I've tried various <code>request.body</code> output formats).</p> <p>Any tips/guides/suggestions gratefully received.</p> <p>Tim</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload