I'm using ShopifySharp to try and consume a Shopify order webhook as a Shopify Private App.
I can't get it to pass validation. My guess is the wrong secret key is being used.
Per ShopifySharp's code (line 236):
<param name="shopifySecretKey">Your app's secret key.</param>
Per their Shopify Developer's Handbook, it states to use your app's secret:
var isValidRequest = await AuthorizationService.IsAuthenticWebhook(
Request.Headers.ToKvps(),
Request.InputStream,
ApplicationEngine.ShopifySecretKey);
My Code:
var isValidRequest = await AuthorizationService.IsAuthenticWebhook(
Request.Headers.ToKvps(),
Request.InputStream,
shopifyPrivateAppSecretKey);
Finally figured it out. In hindsight, this is rather obvious :)
For a Private Shopify App, you don't use your App's Secret, because there is no reference to that within the context of a Private App. In this case, you use the Shared Secret Key in the Private App settings in the actual Store:
For a Public App (which we're also in the process of developing, so things were getting confused), you use your app's API Secret Key in your Partner App settings:
Hope that helps someone else...or maybe I'm the only dull one to get this confused :)