How to receive webhook response of shopify and verify in php ?

  • Post category:Shopify
  • Post last modified:February 6, 2023
  • Reading time:2 mins read

To receive a webhook response from Shopify and verify it in PHP, you can use the following steps:

  1. Create a route in your PHP application to handle the webhook request
  2. Retrieve the raw request payload and HMAC header
  3. Calculate the HMAC of the payload using the same secret key used by Shopify
  4. Compare the calculated HMAC with the HMAC header received in the request
  5. If the HMAC match, process the payload and return a 200 OK response, otherwise return a 401 Unauthorized response

$hmac_header = $_SERVER['HTTP_X_SHOPIFY_HMAC_SHA256'];
$data = file_get_contents('php://input');
$calculated_hmac = base64_encode(hash_hmac('sha256', $data, $shared_secret, true));

if ($hmac_header == $calculated_hmac) {
  // HMAC is valid, process the request
  // ...

} else {
  // HMAC is invalid, return a 401 response

Leave a Reply