Validating Shopify Webhooks with AWS Lambda and Node.

First of go to AWS management console and create new lambda function, pick Node.js Runtime (this article was written on Node.js 12.x as runtime).

https://console.aws.amazon.com/

You will get something that looks like this:

exports.handler = async (event) => {
    // TODO implement
    const response = {
        statusCode: 200,
        body: JSON.stringify('Hello from Lambda!'),
    };
    return response;
};

O.K. let’s switch for a second to getting needed data from Shopify. Log in to your account go to Settings → Notifications → Scroll down, you will see Webhooks section. If you haven’t created any webhooks, you will not have integrity validation hash displayed here — thus you need to create even a dummy one for now. Press create webhook enter “whatever url” ie. https://google.com and click create. You will see hash under the list:

Copy validation hash

Copy the hash and let’s go back to to Lambda Editor.
Scroll down until you see Environment Variables:

Edit environment variables

Press Edit →
Add Enviroment Variable → as a Key put following name: webhook_verify_hash
in the value enter copied hash from Shopify, save and let’s move on.

Now you have environment variable that can be used in function.

We need the crypto package so lets add to first line:
const crypto = require(‘crypto’);

From now on we will be editing the handler function body exports.handler

Full Lamba will look like this (code with comments):

Full Gist with lambda

Thing to remember is that if you will not respond with 200 Shopify will try to retry the hook:

Shopify has implemented a five second timeout period and a retry period for subscriptions. Shopify waits five seconds for a response to each request to a webhook. If there is no response, or an error is returned, then Shopify retries the connection 19 times over the next 48 hours. If there are 19 consecutive failures, then the webhook subscription is deleted. A warning that the subscription will be deleted is sent to the app’s emergency developer email address.

To avoid timeouts and errors, consider deferring app processing until after the webhook response has been successfully sent

Next step is to configure API Gateway so we can receive the webhooks. We will only need POST method (if choosing REST API).

Click on Add trigger in API Gateway part of the Designer:

Very important:
The Shopify header x-shopify-hmac-sha256 will differ if you pick HTTP API or REST API:

• HTTP API: x-shopify-hmac-sha256
• REST API: X-Shopify-Hmac-Sha256

There is a check for this in the code, don’t ask me why… ask Amazon “yyy why you do this?” ;)

Now just copy the url that was created (I went for HTTP API here)

and let’s go to Shopify Webhooks to change the URL… after you have done it all that is left is to send the test notification

and after that you can check in CloudWatch if the request was successful

https://console.aws.amazon.com/cloudwatch/

you should see this in one of the log entries:

And thats it. Thanks for reading.