Hello, do I need to check if the request is from shopify in a shopify remix app?
How to skip duplicated webhook?
export const action = async ({ request }) => {
const { admin, payload, shop, session, topic } = await authenticate.webhook(request);
console.log(`Received ${topic} webhook for ${shop}`);
// Webhook requests can trigger multiple times and after an app has already been uninstalled.
// If this webhook already ran, the session may have been deleted previously.
if (session) {
console.log(payload);
//await db.session.deleteMany({ where: { shop } });
return new Response();
Hey @Antonio_Chiuchiolo - Dmitri is spot on, authenticate.webhook(request) already handles HMAC verification for you so you don’t need any additional checks to confirm the request is from Shopify.
For handling duplicate webhooks, you’ll want to make use of the webhookId that’s returned from authenticate.webhook(request). Shopify uses at-least-once delivery so duplicates are expected, the easiest thing to do is to store each webhookId you’ve processed (in your database, Redis, etc.) and check against it before doing any work. If you’ve already seen that ID, just return a 200 and skip processing.
There’s a bit more info on the available return values (including webhookId) here:
Hope that helps, let me know if you have any questions!