I have designed a app. I have questions regarding customer/data_request webhooks
In what format does Shopify expect app developers to respond to these webhooks?
Should our response be sent back to the merchant's email (even though the customer requested this data)?
As mentioned in the Shopify documentation when a customer requests their data from a store owner, Shopify sends a payload on the customers/data_request topic to the apps installed on that store. If your app has been granted access to customers or orders, then you receive a data request webhook with the resource IDs of the data that you need to provide to the store owner. It's your responsibility to provide this data to the store owner directly.
This means you need to send the data to the merchant/store owner which the merchant needs to process and send the details to the customer. Alternatively, you can create a template and send the details directly to the customer on behalf of the Merchant.
You need to respond back to this webhook with a 200 success response.
Documentation: Link
Related
I am implementing subscriptions to a premium service on a website using Paypal as the payment service. I have successfully created a Catalog Product and Billing Plan through the API, and I am able to get to the payment page on Paypal, but it's not clear how I'm supposed to persist a user identifier through the purchase process.
I assumed it would be something along the lines of passing a user id somewhere, but there's nothing in the Paypal documentation about this. I need to be able to let the user make a purchase and have the Paypal webhook send the confirmation to an endpoint on my site, and that's where I'd expect to get their user id to toggle the subscription on their account on my end.
Is there something I'm missing? There has to be a way to do this cause I'd imagine it's a pretty common use case. If anyone has information or has done this before, I'd love to hear. Thanks.
The only truly secure way I've found when using javascript SDK, is to securely generate a unique custom_id on your server side associated with the user.
Then when you create the buttons, the 'createSubscription' function takes custom_id as a parameter.
Then use a webhook to receive events from your subscription and the custom_id will be present in the body of all BILLING.SUBSCRIPTION events under resource.custom_id.
I am able to get to the payment page on PayPal,
You are vague about what you are doing here. There are multiple ways (and some ways have multiple versions) of accepting subscriptions via PayPal, so it is important that you provide full details about the method you are using.
The time to associate a created subscription ID with a user ID is when it is approved, in the onApprove function if you are using a Smart Payment Button: https://developer.paypal.com/docs/subscriptions/integrate/#4-create-a-subscription
I created customer in Stripe with Elements. Now I need to check if customer exists in my web app (with axios request). As far as I know the only way to check if customer exists is to retrive him: https://stripe.com/docs/api/customers/retrieve.
I don't want customer's card information to be present in my app because of PCI compliance. But https://stripe.com/docs/api/customers/retrieve API gives card information in response. Is there any method which checks customer's status?
Thank you!
If you use the stripe provided card collection functionality then the actual card details will not be sent to your server instead stripe handles it and then provide you a token which we cannot reverse to all card details. After that all the data stripe api is returning can be stored on your server. Since it doesn't contain any credentials which can be used to charge the card without Secret key stored in your server.
https://stripe.com/docs/security
Regarding what data you want to show on your front end:
When you are sending request to your server from front end (and server checks customer with stripe api), in response from your server you can omit any information which you don't want to send to your front end. So essentially what you will be doing is that only restrict user to only their customer data you have on your server.
While creating a webhook for Shopify 'Order creation' event, how can I filter the data that is sent in the POST request JSON? It tends to send all the data by default, which includes lots of customer information which I don't want to share with the webhook. I couldn't find any option in the Admin dashboard.
Shopify just sends the whole order. If you want to limit that you could write your own webhook receiver and then filter and re-post the filtered data.
Some really low cost infrastructure for that would be an AWS Lambda function.
Rewind has a nice post showing the AWS setup needed for that which posts the webhooks to a queue to serialize downstream processing and handle spikes. You should be able to leverage their example to filter and there are tons of examples of how to post the filtered data on the internet.
Shopify webhooks are HTTPS. That means the payload is encrypted from prying eyes. Secondly, the webhook endpoint you create can inspect that security as Shopify includes authentication tokens.
So whether a webhook contains data you want or do not want, there is no sharing of that information with anyone. It is up to you to not share once you receive it. But that has zero to do with Shopify or the webhooks.
I would like to integrate my backend API with several shopify clients by using webhook created by shopify.
I read that webhook is a push notification triggered by shopify. If I give my server endpoint (receiving order/creating a new customer) to my several shopify clients, how will I identify a different notification?
Will there be a unique identifier(per client) in the notification sent by shopify? It's because if I receive an order notification, I need to identify this order notification with one of my clients in my db.
Please advise me about this use case.
Thanks.
Per the Shopify Webhook Documentation, each webhook from Shopify contains a JSON payload and HTTP headers that provide context.
The X-Shopify-Shop-Domain HTTP header includes the domain of the shop, e.g., johns-apparel.myshopify.com. You can use this to identify the shop.
Every Webhook comes to you from Shopify with security information that allows you to determine if the incoming Webhook is even valid and every Webhook also tells you the shop the Webhook is coming from.
So you can use the shop information to figure things out. Straightforward!
Shopify receives and stores information received from the gateway after a payment is made. It can be viewed in the orders page right at the bottom under Order History section. The words "customer successfully paid..." is a hyperlink. That information contains the authcode apart from some other credit card information. I just want the authcode. The webhook does not send this information in the xml data. Can you retrieve this through the API or is this not allowed? Thanks
Any gateway-specific info is provided through the receipt parameter on the Transactions API. If the token you're looking for isn't there, it's not available.
Thanks for your assistance. Apparently Shopify won't provide that information due to PCI compliance reasons. The payment provider that does the credit card processing will only send one response to Shopify and I was hoping I could get them to send me a response as well but that was wishful thinking on my part. The finance team will just have to log into Shopify and see that information if they need it.