This module provides a utility function to verify the authenticity of data received from Shopify webhooks. It uses HMAC (Hash-based Message Authentication Code) with SHA-256 hashing to ensure that the data has not been tampered with in transit.

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

Shopify Webhook Verification

Function Description

verify is a function that computes an HMAC for the given data and compares it with the HMAC provided in the Shopify webhook header. It's designed to be a robust and secure way to validate the integrity and authenticity of the data received from Shopify.

Arguments

data_bytes (bytes): The raw data for which the HMAC is being verified.
shared_secret (Union[bytes, bytearray]): The secret key used for HMAC generation.
hmac_sha256 (AnyStr): The base64 encoded HMAC string received in the Shopify webhook header.

Returns

bool: Returns True if the HMAC matches, False otherwise.

Installation

No specific installation steps required, just ensure you have Python 3.x installed.

Usage

Here's a basic usage example:

# The raw data received from Shopify
raw_data_as_bytes = request.data  # Replace with actual request data

# The HMAC header received from Shopify
hmac_sha256 = request.headers.get("X-Shopify-Hmac-Sha256")  # Replace with actual header

# The secret key provided by Shopify
shared_secret = "your_shared_secret_here".encode("utf-8")

# Perform verification
verified = verify(
    data_bytes=raw_data_as_bytes,
    hmac_sha256=hmac_sha256,
    shared_secret=shared_secret,
)

if verified:
    print("Verification successful!")
else:
    print("Verification failed!")

Logging

The function uses Python's built-in logging to report its status and errors. You can configure the logging level as per your requirement.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.1.7

Nov 26, 2023

0.1.6

Nov 26, 2023

0.1.4

Nov 26, 2023

0.1.2

Nov 25, 2023

0.1.1

Nov 25, 2023

0.1.0

Nov 25, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

verifyshopify-0.1.7.tar.gz (2.4 kB view hashes)

Uploaded Nov 26, 2023 Source

Built Distribution

verifyshopify-0.1.7-py3-none-any.whl (3.1 kB view hashes)

Uploaded Nov 26, 2023 Python 3

Hashes for verifyshopify-0.1.7.tar.gz

Hashes for verifyshopify-0.1.7.tar.gz
Algorithm	Hash digest
SHA256	`684356e3dd1c676e9c60cc31e3e043da475ca9c138dd990ad51cf1baf9242636`
MD5	`c54c3f6ad3bf67009be908c3431a7760`
BLAKE2b-256	`0ebc59f2364b2ba81bfb3ca1865ede8ddb3a8014c3917d2e593e6a1d909130f2`

Hashes for verifyshopify-0.1.7-py3-none-any.whl

Hashes for verifyshopify-0.1.7-py3-none-any.whl
Algorithm	Hash digest
SHA256	`619480774d91533cc9798fce8f5db6ea7d2072fa609a3bbc681ccfbcd64cd05f`
MD5	`3814356c88f5f0500a31103dd6853813`
BLAKE2b-256	`16912539ade1851693d9dbcc5db5b23ca429b5214954dc3fd96761b4e586b387`