I am using Offical shopify-api php library in the codeigniter 3 app. So now i have completed the app lisiting and now i run the Automated checks and two of the checks got failed
-
Provides mandatory compliance webhooks
-
Verifies webhooks with HMAC signatures these two are failed
I am using Offical shopify-api php library and i dont use Shopify CLI thats why i dont have toml file. I have created the app from Dev Dashboard. Because in New UI of Dev Dashboard we dont have GDPR mandatory webhooks input feilds where we define endpoints. We had them in previous ui
before the New Dev Dashboard. Now Shopify has removed it now i cannot add them manually in Shopify Partner Dashboard neither do i have toml file so what is the solution.
Hey @Shopping_IQ! You’re right that the mandatory compliance webhook fields are not configurable in the new Dev Dashboard - they’ve moved to being CLI-only configuration. Even though you created your app in the Dashboard without CLI, you can still link it and configure the webhooks.
Install the CLI if you haven’t (npm install -g @shopify/cli @shopify/app), then in your project directory run:
shopify app config link --client-id YOUR_CLIENT_ID
This generates a shopify.app.toml file. Add the compliance webhooks to it:
[webhooks]
api_version = "2024-10"
[[webhooks.subscriptions]]
compliance_topics = ["customers/data_request", "customers/redact", "shop/redact"]
uri = "https://your-app-domain.com/your-webhook-endpoint.php"
Then deploy with shopify app deploy.
For the HMAC verification, since you’re already using the shopify-api-php library, use its built-in webhook processing which handles signature validation for you. Your endpoint needs to return 401 for invalid signatures and 200 for valid ones.
I hope this helps!
Thank You @Donal-Shopify Now i successfully added the mendatory webhook compliance to the App version via CLI.