Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
@shopify/koa-shopify-webhooks
Advanced tools
@shopify/koa-shopify-webhooks
Register and receive webhooks from Shopify with ease. This package was created primarily for use with @shopify/koa-shopify-auth
and friends.
yarn add @shopify/koa-shopify-webhooks
function registerWebhook(options: {
address: string;
topic: Topic;
format: string;
accessToken: string;
shop: string;
apiVersion: ApiVersion;
}): {success: boolean; result: any};
Registers a webhook for the given topic
which will send requests to the given address
. Returns an object with success true
/ false
to indicate success or failure, as well as the parsed JSON of the response from Shopify. This function will throw if the fetch request it makes encounters an error.
function receiveWebhook({
secret: string;
// only respond to requests to this path
path?: string;
// call this function when a valid webhook is received
onReceived?(ctx: Context, next: () => unknown);
}): Middleware;
Creates a middleware that will verify whether incoming requests are legitimately from Shopify. Extracts webhook data into context or terminates the middleware chain.
import 'isomorphic-fetch';
import Koa from 'koa';
import session from 'koa-session';
import shopifyAuth, {verifyRequest} from '@shopify/koa-shopify-auth';
// Import our package
import {receiveWebhook, registerWebhook} from '@shopify/koa-shopify-webhooks';
const {SHOPIFY_API_KEY, SHOPIFY_SECRET} = process.env;
const app = new Koa();
app.keys = [SHOPIFY_SECRET];
app.use(session(app));
app.use(
shopifyAuth({
apiKey: SHOPIFY_API_KEY,
secret: SHOPIFY_SECRET,
scopes: ['write_orders, write_products'],
async afterAuth(ctx) {
const {shop, accessToken} = ctx.session;
// register a webhook for product creation
const registration = await registerWebhook({
// for local dev you probably want ngrok or something similar
address: 'www.mycool-app.com/webhooks/products/create',
topic: 'PRODUCTS_CREATE',
accessToken,
shop,
apiVersion: 'unstable',
});
if (registration.success) {
console.log('Successfully registered webhook!');
} else {
console.log('Failed to register webhook', registration.result);
}
ctx.redirect('/');
},
}),
);
app.use(
// receive webhooks
receiveWebhook({
path: '/webhooks/products/create',
secret: SHOPIFY_SECRET,
// called when a valid webhook is received
onReceived(ctx) {
console.log('received webhook: ', ctx.state.webhook);
},
}),
);
app.use(verifyRequest());
app.use((ctx) => {
/* app code */
});
koa-router
and multiple webhooksimport 'isomorphic-fetch';
import Koa from 'koa';
import router from 'koa-router';
import session from 'koa-session';
import shopifyAuth, {verifyRequest} from '@shopify/koa-shopify-auth';
// Import our package
import {receiveWebhook, registerWebhook} from '@shopify/koa-shopify-webhooks';
const {SHOPIFY_API_KEY, SHOPIFY_SECRET} = process.env;
const app = new Koa();
const router = new Router();
app.keys = [SHOPIFY_SECRET];
app.use(session(app));
app.use(
shopifyAuth({
apiKey: SHOPIFY_API_KEY,
secret: SHOPIFY_SECRET,
scopes: ['write_orders, write_products'],
async afterAuth(ctx) {
const {shop, accessToken} = ctx.session;
await registerWebhook({
address: 'www.mycool-app.com/webhooks/products/create',
topic: 'PRODUCTS_CREATE',
accessToken,
shop,
apiVersion: 'unstable',
});
await registerWebhook({
address: 'www.mycool-app.com/webhooks/orders/create',
topic: 'ORDERS_CREATE',
accessToken,
shop,
apiVersion: 'unstable',
});
ctx.redirect('/');
},
}),
);
const webhook = receiveWebhook({secret: SHOPIFY_SECRET});
router.post('/webhooks/products/create', webhook, () => {
/* handle products create */
});
router.post('/webhooks/orders/create', webhook, () => {
/* handle orders create */
});
router.get('*', verifyRequest(), () => {
/* app code */
});
app.use(router.allowedMethods());
app.use(router.routes());
Make sure to install a fetch polyfill, since internally we use it to make HTTP requests.
In your terminal
yarn add isomorphic-fetch
In your app
import 'isomorphic-fetch'
OR
require('isomorphic-fetch')
FAQs
Receive webhooks from Shopify with ease
The npm package @shopify/koa-shopify-webhooks receives a total of 3,410 weekly downloads. As such, @shopify/koa-shopify-webhooks popularity was classified as popular.
We found that @shopify/koa-shopify-webhooks demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 24 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.