Shopify Webhook Verification Returning 'Filter Chain Halted As :verify_request Rendered Or Redirected'

- 1 answer

I setup my app to receive Shopify webhooks. I followed the guide here

I made my own controller using

  include ShopifyApp::WebhookVerification

to authenticate the webhooks and my app

I set up my Shopify_app.rb file to send the webhooks to the correct route like this

    config.webhooks = [
    {topic: 'customers/create', address: 'https://*******'}, 
    {topic: 'checkouts/update', address: 'https://*******'},
    {topic: 'orders/create', address: 'https://*******'}

Im receiving the Webhooks but i keep getting the message

Filter chain halted as :verify_request rendered or redirected

here is my controller:

   class WebhooksController < ApplicationController
      include ShopifyApp::WebhookVerification

      #webhook that handles new contacts in the shopify application
      def new_contact
        shop = ShopifyShop.getShop(shop_domain)

        if !shop
          render json: {success: true} and return

          # begin
            raw_post = request.raw_post.force_encoding("UTF-8")

            contact.newShopifyContact(shop.default_tags, shop.organization_id,raw_post)
          # rescue Exception => e 
          #      ExceptionLog.track(, e.message, e.backtrace) 
          # end        
        render json: {success: true} 

terminal output when receiving the request:

i already tried adding

   skip_before_action :verify_authenticity_token

because i thought maybe my apps authentication was causing the 401

when i remove include ShopifyApp::WebhookVerification it goes into my method new_contact so i assume the issue is with include ShopifyApp::WebhookVerification

Im trying to verify the HMAC from the request myself using this code:

      header_hmac = request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"]
  digest ="sha256")
  calculated_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, ENV['SHOPIFY_SECRET_KEY'],

  puts "header hmac: #{header_hmac}"
  puts "calculated hmac: #{calculated_hmac}"

  puts "Verified:#{ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, header_hmac)}"

And the verification comes back false, I'm using the correct API private key for my application i'm not sure if maybe theres a 3rd key that i need?

UPDATE 1: Seems like the issue is that

  config.webhooks = [
    {topic: 'customers/create', address: 'https://{url}'}, 
    {topic: 'checkouts/update', address: 'https://{url}'},
    {topic: 'orders/create', address: 'https://{url}'}

is not generating webhooks on the store that is installing the app.. not sure why yet



I ended up just running the job that generates webooks automatically like this:

    webhooks = [
        {topic: 'customers/create', address: ''}, 
        {topic: 'checkouts/update', address: ''},
        {topic: 'orders/create', address: ''}

    ShopifyApp::WebhooksManagerJob.perform_now(shop_domain: shopify_domain, shop_token: shopify_token, webhooks: webhooks)

you can find the code for the job that gets ran here: