Shopify Webhooks Integration

Complete guide to webhooks, debugging, and real-time event monitoring with HookMetry

Debugging Shopify Webhooks

Shopify uses HMAC-SHA256 signatures in the X-Shopify-Hmac-Sha256 header.

Setup Instructions

  1. 1Go to Shopify Admin Settings Notifications
  2. 2Scroll to "Webhooks" section
  3. 3Click "Create webhook"
  4. 4Select Event (e.g., Order creation, Product update)
  5. 5Set URL to your Hookmetry endpoint
  6. 6Choose Format: JSON
  7. 7Click "Save webhook"

Finding Your Webhook Secret

Shopify doesn't display the webhook secret directly. You need to use your API Secret Key:

  1. Go to Shopify Admin Apps Develop apps
  2. Select your app (or create one)
  3. Go to "API credentials" tab
  4. Copy the "API secret key" (NOT the API key or Access token)
  5. Use this secret in your Hookmetry endpoint configuration

Example Shopify Webhook Payload

{
  "id": 820982911946154508,
  "email": "customer@example.com",
  "created_at": "2023-03-01T12:00:00-05:00",
  "updated_at": "2023-03-01T12:00:00-05:00",
  "number": 1,
  "note": null,
  "total_price": "199.00",
  "subtotal_price": "199.00",
  "total_tax": "0.00",
  "currency": "USD",
  "financial_status": "paid",
  "confirmed": true,
  "line_items": [
    {
      "id": 466157049,
      "title": "Product Title",
      "price": "199.00",
      "quantity": 1,
      "sku": "PROD-001"
    }
  ],
  "customer": {
    "id": 207119551,
    "email": "customer@example.com",
    "first_name": "John",
    "last_name": "Doe"
  }
}

Common Issues

  • Signature Mismatch: Ensure you're using the API secret key, not the API key or password
  • Missing Header: Check that the webhook is active in Shopify settings (may auto-disable after failures)
  • Wrong Format: Must select JSON format, not XML, when creating the webhook
  • 403 Errors: Verify your Shopify app has webhook permissions enabled

Testing Tip:

Shopify provides a "Send test notification" button for webhooks. Use this to generate test events and verify your Hookmetry endpoint is capturing correctly.

Was this page helpful?

Your feedback helps us improve the docs.