SHA256 HMAC Verification on requests generated by app extension.
Created an APP extension that adds a post orders button to the orders action. After selecting an order and clicking the post butoon shopify sends this raw request.
GET /data?hmac=ec80a0468b4414504a6ff57de52ed8030e84f489b47f1b9830e91cb1f4203fc7&ids%5B%5D=934477070451&locale=en&shop=ubiquittous.myshopify.com×tamp=1544031593 HTTP/1.1 Host: 08e3e699.ngrok.io Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 X-Forwarded-Proto: https X-Forwarded-For: 22.214.171.124
Spent hours looking for documentation. I have been hashing the following string based on my interpetation of the docs I have read.
If you are wondering what method I am using to hash I am using a xojo routine that looks like this:
sha256 = Crypto.HMAC("my secret", body, Crypto.Algorithm.SHA256)
If any one has any help or suggestions they are greatly appreciated. I apologise if I have created a duplicate thread or asking on the wrong forum. I have seen some people mentioning that undocumented protocol=https:// needed to be added as part of the body, tried it no luck.