Specs

request(Shopify.REST.Operation.t(), map()) :: response_t()

Send a request to Shopify.

Specs

verify_hmac_for_oauth(String.t(), String.t()) ::
  {:ok, String.t()} | {:error, String.t()}

Ensures an HTTP query string passes HMAC verification.

See verify_hmac_for_oauth/3 for more details.

Example

query = "code=0907a61c0c8d55e99db179b68161bc00&hmac=700e2dadb827fcc8609e9d5ce208b2e9cdaab9df07390d2cbca10d7c328fc4bf&shop=some-shop.myshopify.com&state=0.6784241404160823&timestamp=1337178173"
shared_secret = "hush"

{:ok, hmac} = Shopify.REST.verify_hmac_for_oauth(query, shared_secret)

Specs

verify_hmac_for_oauth(String.t(), String.t(), String.t()) ::
  {:ok, String.t()} | {:error, String.t()}

Verifies the Shopify HMAC signature.

This function will compute an SHA256 HMAC digest based on the provided message and shared_secret. The digest is then compared to the hmac signature. If they match, verification has passed. Otherwise verification has failed.

Example

hmac = "700e2dadb827fcc8609e9d5ce208b2e9cdaab9df07390d2cbca10d7c328fc4bf"
message = "code=0907a61c0c8d55e99db179b68161bc00&shop=some-shop.myshopify.com&timestamp=1337178173"
shared_secret = "hush"

{:ok, hmac} = Shopify.REST.verify_hmac_for_oauth(hmac, message, shared_secret)

Specs

verify_hmac_for_webhook(String.t(), String.t(), String.t()) ::
  {:ok, String.t()} | {:error, String.t()}

Same as verify_hmac_for_oauth/3 but intended to be used for verifying the signature of a webhook payload.

Example

hmac = "ruonad9ilcg3rhfv89nkzi4x7kkh7jibyhxkbewugvi="
body = "<webhook request body>"
shared_secret = "hush"

{:ok, hmac} = Shopify.REST.verify_hmac_for_webhook(hmac, body, shared_secret)