shopify webhook - identify a different client - shopify

I would like to integrate my backend API with several shopify clients by using webhook created by shopify.
I read that webhook is a push notification triggered by shopify. If I give my server endpoint (receiving order/creating a new customer) to my several shopify clients, how will I identify a different notification?
Will there be a unique identifier(per client) in the notification sent by shopify? It's because if I receive an order notification, I need to identify this order notification with one of my clients in my db.
Please advise me about this use case.
Thanks.

Per the Shopify Webhook Documentation, each webhook from Shopify contains a JSON payload and HTTP headers that provide context.
The X-Shopify-Shop-Domain HTTP header includes the domain of the shop, e.g., johns-apparel.myshopify.com. You can use this to identify the shop.

Every Webhook comes to you from Shopify with security information that allows you to determine if the incoming Webhook is even valid and every Webhook also tells you the shop the Webhook is coming from.
So you can use the shop information to figure things out. Straightforward!

Related

BigCommerce outgoing webhook when an order is placed

I am creating a custom app on the BigCommerce platform. I am wondering if it is possible to send a webhook request going from BigCommerce when an order has been placed. Currently I can only see that it is sending an email notification, but I would like to send a webhook request to a url instead.
For example, so that a post request is sent from BigCommerce to a certain URL everytime an order has been placed.
Use the Webhooks API to create a new webhook that fires on a new order:
https://developer.bigcommerce.com/api-reference/store-management/webhooks/webhooks/createwebhooks
That includes an endpoint you can specify to listen to events - that payload contains the order id of the new order.
More info here: https://developer.bigcommerce.com/api-docs/store-management/webhooks/overview
And all events here:
https://developer.bigcommerce.com/api-docs/store-management/webhooks/events

General question regarding customer/data_request webhooks

I have designed a app. I have questions regarding customer/data_request webhooks
In what format does Shopify expect app developers to respond to these webhooks?
Should our response be sent back to the merchant's email (even though the customer requested this data)?
As mentioned in the Shopify documentation when a customer requests their data from a store owner, Shopify sends a payload on the customers/data_request topic to the apps installed on that store. If your app has been granted access to customers or orders, then you receive a data request webhook with the resource IDs of the data that you need to provide to the store owner. It's your responsibility to provide this data to the store owner directly.
This means you need to send the data to the merchant/store owner which the merchant needs to process and send the details to the customer. Alternatively, you can create a template and send the details directly to the customer on behalf of the Merchant.
You need to respond back to this webhook with a 200 success response.
Documentation: Link

How to filter the data sent to a Shopify webhook?

While creating a webhook for Shopify 'Order creation' event, how can I filter the data that is sent in the POST request JSON? It tends to send all the data by default, which includes lots of customer information which I don't want to share with the webhook. I couldn't find any option in the Admin dashboard.
Shopify just sends the whole order. If you want to limit that you could write your own webhook receiver and then filter and re-post the filtered data.
Some really low cost infrastructure for that would be an AWS Lambda function.
Rewind has a nice post showing the AWS setup needed for that which posts the webhooks to a queue to serialize downstream processing and handle spikes. You should be able to leverage their example to filter and there are tons of examples of how to post the filtered data on the internet.
Shopify webhooks are HTTPS. That means the payload is encrypted from prying eyes. Secondly, the webhook endpoint you create can inspect that security as Shopify includes authentication tokens.
So whether a webhook contains data you want or do not want, there is no sharing of that information with anyone. It is up to you to not share once you receive it. But that has zero to do with Shopify or the webhooks.

Podio API - webhooks insights

Since apparently you're not reachable for API questions via email, I guess I'd have to put all the questions in here since it would be tedious to create one for each of them.
So we're planning on creating a webhooks system for our integrations to create a better experience for our users. There are a few pieces that are missing for our end to support having a Podio integration that runs 100% on webhooks.
Support organization level webhooks instead at the space level.
Send full object payload in the webhooks push so we don't need to fetch the resource again. Or at least provide a delta of changes.
Have a secret token header that you send with each request so we can assure the authenticity of the data (that it's actually from Podio and it's not someone trying to hack our system).
Github does a great job with this: https://developer.github.com/webhooks/#delivery-headers.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials. Do you automatically delete that webhook or do we need to contact the user or you guys to get rid of it?
Trello for instance deletes all webhooks associated with a token if it's revoked or a second option is our server sends a 410 Gone back and the webhook, well you guessed it, it's gone.
Do you think something like this is feasible in the near future?
Thanks for your insights :)
Seems pretty valid point. Are there any particular org operations that you are interested to have webhooks for? Can you also describe some use-cases for org level webhooks?
Sending full object payload is pretty complicated because items in Podio can be extremely big and it might be not needed for webhook to get all details. That's why we keep it small and tiny and let Podio partners build own complicated solutions based on webhooks.
Secret token is not much needed if there is only item_id sent in webhook. Let's review it on item modified scenario.
1) User (or anything else) modifies item
2) item.modified webhook is triggered with item_id
3) 3rd party app receives webhook
4) 3rd party app makes a call to Podio API (if it's needed) and gets all required information from Podio API
So, if webhook request is fake, then Podio API will return same item details and nothing is affected. If you want to have some extra layer of security: why not making webhook URL unique and specific to webhook? Then only Podio will know which URL to use to trigger this webhook.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials.
Sorry, but I don't understand your question. Can you please re-phrase it as new StackOverflow question?

Determine Shop To Which Fulfilled Order From Webhook Belongs

I have a Shopify app that creates a webhook for orders/fulfilled when a shop signs up, I also save some details about the shop as well as it's products.
When Shopify sends me fulfilled orders via the webhook, i want to associate this order with the appropriate shop to which it belongs.
I have looked in the data sent, but there's no shop name or shop url.
Is there a way for me to determine which shop the orders belong to?
Thanks.
If you have setup a Webhook then you know two things for sure.
The domain of the shop calling you is in the header
There is authentication information in the header you have to use
If you are not authenticating your webhook you're doing it wrong. So the short answer to determining which shop is calling you is to look inside the header for the domain.