While creating a webhook for Shopify 'Order creation' event, how can I filter the data that is sent in the POST request JSON? It tends to send all the data by default, which includes lots of customer information which I don't want to share with the webhook. I couldn't find any option in the Admin dashboard.
Shopify just sends the whole order. If you want to limit that you could write your own webhook receiver and then filter and re-post the filtered data.
Some really low cost infrastructure for that would be an AWS Lambda function.
Rewind has a nice post showing the AWS setup needed for that which posts the webhooks to a queue to serialize downstream processing and handle spikes. You should be able to leverage their example to filter and there are tons of examples of how to post the filtered data on the internet.
Shopify webhooks are HTTPS. That means the payload is encrypted from prying eyes. Secondly, the webhook endpoint you create can inspect that security as Shopify includes authentication tokens.
So whether a webhook contains data you want or do not want, there is no sharing of that information with anyone. It is up to you to not share once you receive it. But that has zero to do with Shopify or the webhooks.
Related
I can assign system users to a specific WhatsApp Business Account by sending a POST request to this endpoint
https://graph.facebook.com/LATEST-VERSION/WHATSAPP-BUSINESS-ACCOUNT-ID/assigned_users
Link to documentation
But, apparently, there's no way to unassign them using a DELETE request
At the same time, documentation also says that DELETE calls to that endpoint count against rate limits
So, can I unassign a user from a WABA using any endpoint of any of the Meta APIs? Can't find it in the documentation.
Many thanks in advance
I have designed a app. I have questions regarding customer/data_request webhooks
In what format does Shopify expect app developers to respond to these webhooks?
Should our response be sent back to the merchant's email (even though the customer requested this data)?
As mentioned in the Shopify documentation when a customer requests their data from a store owner, Shopify sends a payload on the customers/data_request topic to the apps installed on that store. If your app has been granted access to customers or orders, then you receive a data request webhook with the resource IDs of the data that you need to provide to the store owner. It's your responsibility to provide this data to the store owner directly.
This means you need to send the data to the merchant/store owner which the merchant needs to process and send the details to the customer. Alternatively, you can create a template and send the details directly to the customer on behalf of the Merchant.
You need to respond back to this webhook with a 200 success response.
Documentation: Link
I would like to integrate my backend API with several shopify clients by using webhook created by shopify.
I read that webhook is a push notification triggered by shopify. If I give my server endpoint (receiving order/creating a new customer) to my several shopify clients, how will I identify a different notification?
Will there be a unique identifier(per client) in the notification sent by shopify? It's because if I receive an order notification, I need to identify this order notification with one of my clients in my db.
Please advise me about this use case.
Thanks.
Per the Shopify Webhook Documentation, each webhook from Shopify contains a JSON payload and HTTP headers that provide context.
The X-Shopify-Shop-Domain HTTP header includes the domain of the shop, e.g., johns-apparel.myshopify.com. You can use this to identify the shop.
Every Webhook comes to you from Shopify with security information that allows you to determine if the incoming Webhook is even valid and every Webhook also tells you the shop the Webhook is coming from.
So you can use the shop information to figure things out. Straightforward!
Since apparently you're not reachable for API questions via email, I guess I'd have to put all the questions in here since it would be tedious to create one for each of them.
So we're planning on creating a webhooks system for our integrations to create a better experience for our users. There are a few pieces that are missing for our end to support having a Podio integration that runs 100% on webhooks.
Support organization level webhooks instead at the space level.
Send full object payload in the webhooks push so we don't need to fetch the resource again. Or at least provide a delta of changes.
Have a secret token header that you send with each request so we can assure the authenticity of the data (that it's actually from Podio and it's not someone trying to hack our system).
Github does a great job with this: https://developer.github.com/webhooks/#delivery-headers.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials. Do you automatically delete that webhook or do we need to contact the user or you guys to get rid of it?
Trello for instance deletes all webhooks associated with a token if it's revoked or a second option is our server sends a 410 Gone back and the webhook, well you guessed it, it's gone.
Do you think something like this is feasible in the near future?
Thanks for your insights :)
Seems pretty valid point. Are there any particular org operations that you are interested to have webhooks for? Can you also describe some use-cases for org level webhooks?
Sending full object payload is pretty complicated because items in Podio can be extremely big and it might be not needed for webhook to get all details. That's why we keep it small and tiny and let Podio partners build own complicated solutions based on webhooks.
Secret token is not much needed if there is only item_id sent in webhook. Let's review it on item modified scenario.
1) User (or anything else) modifies item
2) item.modified webhook is triggered with item_id
3) 3rd party app receives webhook
4) 3rd party app makes a call to Podio API (if it's needed) and gets all required information from Podio API
So, if webhook request is fake, then Podio API will return same item details and nothing is affected. If you want to have some extra layer of security: why not making webhook URL unique and specific to webhook? Then only Podio will know which URL to use to trigger this webhook.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials.
Sorry, but I don't understand your question. Can you please re-phrase it as new StackOverflow question?
Is it possible to get MailChimp or Mandrill to notify a webhook URL whenever a message is either created for a list, or scheduled to be sent, along with the list and message IDs?
I have a client that wants to intercept messages from his campaign, add special data from his server, then send the resulting template through his connected Mandrill account. I'm trying to figure out how to implement the first step in this process.
Although I know this is old someone may stumble into this thread, have you checked out the webhook information?
http://help.mandrill.com/entries/58303976-Message-Event-Webhook-format
It has an easy way to implement it inside the account. You just setup a URL to intercept and parse the incoming data. I recommend first saving the data then using a scheduled task to parse the job separately so you don't lose data (although mandrill will try 100x).
If the unique id is not enough for you with your events, and you are concerned about specific campaigns you can tag the emails upon send and they will have the tagged information with the incoming event.