This module provides a utility function to verify the authenticity of data received from Shopify webhooks. It uses HMAC (Hash-based Message Authentication Code) with SHA-256 hashing to ensure that the data has not been tampered with in transit.
Project description
Shopify Webhook Verification
This module provides a utility function to verify the authenticity of data received from Shopify webhooks. It uses HMAC (Hash-based Message Authentication Code) with SHA-256 hashing to ensure that the data has not been tampered with in transit.
Function Description
verify is a function that computes an HMAC for the given data and compares it with the HMAC provided in the Shopify webhook header. It's designed to be a robust and secure way to validate the integrity and authenticity of the data received from Shopify.
Arguments
- data_bytes (bytes): The raw data for which the HMAC is being verified.
- shared_secret (Union[bytes, bytearray]): The secret key used for HMAC generation.
- hmac_sha256 (AnyStr): The base64 encoded HMAC string received in the Shopify webhook header.
Returns
bool: Returns True if the HMAC matches, False otherwise.
Installation
No specific installation steps required, just ensure you have Python 3.x installed.
Usage
Here's a basic usage example:
# The raw data received from Shopify
raw_data_as_bytes = request.data # Replace with actual request data
# The HMAC header received from Shopify
hmac_sha256 = request.headers.get("X-Shopify-Hmac-Sha256") # Replace with actual header
# The secret key provided by Shopify
shared_secret = "your_shared_secret_here".encode("utf-8")
# Perform verification
verified = verify(
data_bytes=raw_data_as_bytes,
hmac_sha256=hmac_sha256,
shared_secret=shared_secret,
)
if verified:
print("Verification successful!")
else:
print("Verification failed!")
Logging
The function uses Python's built-in logging to report its status and errors. You can configure the logging level as per your requirement.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file verifyshopify-0.1.7.tar.gz.
File metadata
- Download URL: verifyshopify-0.1.7.tar.gz
- Upload date:
- Size: 2.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.5.1 CPython/3.9.6 Darwin/23.1.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 684356e3dd1c676e9c60cc31e3e043da475ca9c138dd990ad51cf1baf9242636 |
|
| MD5 | c54c3f6ad3bf67009be908c3431a7760 |
|
| BLAKE2b-256 | 0ebc59f2364b2ba81bfb3ca1865ede8ddb3a8014c3917d2e593e6a1d909130f2 |
File details
Details for the file verifyshopify-0.1.7-py3-none-any.whl.
File metadata
- Download URL: verifyshopify-0.1.7-py3-none-any.whl
- Upload date:
- Size: 3.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.5.1 CPython/3.9.6 Darwin/23.1.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 619480774d91533cc9798fce8f5db6ea7d2072fa609a3bbc681ccfbcd64cd05f |
|
| MD5 | 3814356c88f5f0500a31103dd6853813 |
|
| BLAKE2b-256 | 16912539ade1851693d9dbcc5db5b23ca429b5214954dc3fd96761b4e586b387 |
