I have searched the forum and apparently it is not possible to change the response code?
I have a wf which has to respond with 401 in case a condition is not met. How can i make it work if only 400 is returned?
I have searched the forum and apparently it is not possible to change the response code?
I have a wf which has to respond with 401 in case a condition is not met. How can i make it work if only 400 is returned?
You cannot “replace” a code by another because they doesn’t mean the same thing!
401 is unauthorized (that what Bubble will return if you activate the auth and doesn’t enter the correct api key)
404 if the endpoint doesn’t exist
405 if you select wrong method (GET instead of POST for example)
and 400 if there’s an error in request (missing fields for example)
theses errors messages are standard for all HTTP requests (API request) RFC 9110: HTTP Semantics
Can you explain more your use case because actually your request doesn’t make sense.
Sure, thank you for your reply!
In my app I listen to the endpoint /customers and when there is a request which has no valid HMAC header value it is suppose to response with 401. This is so its validated by Shopify
Right now it is sending 400 when the HMAC is not valid. Which will fail the validation:
it won’t work because the 401 is related to bubble auth, not to a “custom” auth.
However, I don’t think you need to return a 401 error. The HMAC sent from Shopify is for you to validate that the request really come from the Shopify API. According to this page:
bubble will consider any other message that is not 200 as an error.
I know that the script example they provide (HTTPS webhook delivery) use 401, but I don’t think it’s mandatory to use 401.
My app declined with this error message:
I have changed the wf and applied for another review but this error message points to the fact it is expecting a 401 and not a 400. I think otherwise it would say 4XX.
I will await the review but i doubt it will be ok this way.
So what I understand is that shopify test your endpoint to be sure that if there’s an error, it will return 401. but it’s not possible actually and more, you cannot verify the HMAC without allowing the WF to run (to use an action to decode and validate the HMAC header), that will automatically give a 200 answer everytime.
Documentation doesn’t have specification on that, but seem that the example give the only possible answer to expect.
I can verify the HMAC and i succeeded to do so.
I will send a 200 if this condition is true. otherwise it will send 400. And i want it to send 401.
But the problem is that there’s no 401 issue for Bubble because this is related to a “data” not to the auth. I understand that Shopify may expect a 401, but actually you will need to request a new feature in Bubble for that and I don’t think this will be something Bubble will implement soon. But give it a try https://bubble.io/ideaboard
Thats a bummer. How else will i be able to have my app verified. I will await Shopify’s response. If it declines i will request this as a new feature. Thank you for your time
I don’t know if a tool like make (integromat) could be use for your case. It’s another layer of process but it may help while you are waiting for your feature request
The app was moved on to the next step so i assume that shopify accepted 400
Hi genaaiv,
I am facing similar problem. I have a backend workflow for Shopify mandatory webhooks. Can you tell me how you are sending 400 when HMAC verification fails?
One more question is, how do you detact JSON in backend workflow for customers/data_request and shop/redact? I have managed to detect data for customer/redact but others mentioned above I am struggling with.
Thank you
Hi,
Have you gotten your issue fixed? I’m facing the same issue. Have you managed to verify the HMAC, and if so, how did you do it?
Thank you.
Hello @posting, @patelonline9,
This was for a client of mine who no longer needed my help after this issue was solved. Thus i no longer have access to the app, so I am not able to provide you with a clear instruction on how i did this. I simply dont remember the exact steps.
You can send me an email if you need my help solving it and I might be able to take a look.
Did you set conditions on the workflow? I cant see where the operator to do HMAX SHA256 digets