Shopify App Store

**Partner Dashboard not verifying GDPR compliance webhooks before app submission**
Hi Team,

I have implemented all mandatory GDPR webhooks
(CUSTOMERS_DATA_REQUEST, CUSTOMERS_REDACT, SHOP_REDACT)
using the Admin GraphQL API.

Details:

  • Webhooks registered successfully and confirmed in logs
  • Endpoint returns HTTP 200
  • HMAC SHA256 verification implemented as per Shopify docs
  • Using stable API version 2024-07
  • Non-GDPR webhooks are verified correctly

However, in Partner Dashboard → Automated checks, the following remain red:

  • Provides mandatory compliance webhooks
  • Verifies webhooks with HMAC signatures

Shopify Support confirmed this requires manual validation by the App Review team.
Posting here to confirm if this is expected behavior before submission.

Thanks.

Hi @Rishi_Malhotra,

For us to be able to look into specific examples of apps failing the App Store Review Preliminary steps, we would need you to log in to the Shopify Help Center and reach out to Shopify Support directly, so we can authenticate you with the partner account, and look into the specific app in question.

First of all, I just wanted to confirm as well that what you were told is incorrect, as these errors you experienced are from automated checks, and do not require manual validation by the App Review Team.

It’s only after you pass all the automated “Preliminary steps” checks, including Mandatory Webhook Subscription and HMAC Validation, and submit the actual app review, that the App Store Review team will manually review and approve or deny the application.


That said, if your app is still failing the automatic preliminary steps for HMAC validation and compliance webhook subscription, I would recommend checking the following, as they are common causes for these to fail.

For HMAC validation, the automated tests will check how your app responds to both valid and non-valid webhooks, and this often fails as the app developers usually forget to reply to webhooks that fail the HMAC validation with a 401 HTTP Response code, as well as replying to webhooks that succeed the HMAC validation with a 201 HTTP Response code.

Some other common pitfalls for Webhook HMAC Validation are listed in the Shopify.dev Documentation here:

For the mandatory compliance webhook subscription, we do require that you subscribe to the webhooks via the app’s toml configuration file, as this ensures the webhooks are subscribed with the app installation. If you are subscribing to the mandatory webhooks via an API call after the app is installed, then it will fail the checks.

More information on subscribing to the mandatory compliance webhooks here:


If you are still seeing the automated checks failing after reviewing the information I shared above, please do reach out to our Shopify Help Center, and our Support Team can help you look into this further with a specific app.
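
The valid/invalid response behaviour discussed in the reply above, as an added Node.js example that is not part of the original thread or Shopify's own code. The helper names, the secret and the sample body are constructed for illustration, and the success status is a parameter because the question uses 200 while the reply mentions 201.

```javascript
const crypto = require("crypto");

// Node's http module lowercases header names; Shopify sends the base64
// HMAC-SHA256 of the raw request body in X-Shopify-Hmac-Sha256.
const HMAC_HEADER = "x-shopify-hmac-sha256";

// True only if the header matches the HMAC of the exact raw bytes received.
function isValidShopifyHmac(rawBody, headerValue, clientSecret) {
  if (typeof headerValue !== "string" || headerValue.length === 0) return false;
  const expected = crypto.createHmac("sha256", clientSecret).update(rawBody).digest();
  const received = Buffer.from(headerValue, "base64");
  // timingSafeEqual throws on length mismatch, so reject that case first.
  if (received.length !== expected.length) return false;
  return crypto.timingSafeEqual(received, expected);
}

// Hypothetical helper: pick the HTTP status for one webhook delivery.
// successStatus is an assumption (200 in the question, 201 in the reply).
function webhookStatus(headers, rawBody, clientSecret, successStatus = 200) {
  return isValidShopifyHmac(rawBody, headers[HMAC_HEADER], clientSecret)
    ? successStatus
    : 401;
}

// Constructed sample delivery (not real Shopify data).
const SECRET = "constructed-test-secret";
const BODY = Buffer.from('{"shop_id": 1, "shop_domain": "example.myshopify.com"}');
const GOOD_SIG = crypto.createHmac("sha256", SECRET).update(BODY).digest("base64");

function demo() {
  // Parsing and re-serializing the JSON changes the bytes, so the HMAC no
  // longer matches: verify against the raw body before any body parser runs.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(BODY.toString())));
  return {
    valid: webhookStatus({ [HMAC_HEADER]: GOOD_SIG }, BODY, SECRET),
    reserialized: webhookStatus({ [HMAC_HEADER]: GOOD_SIG }, reserialized, SECRET),
    missingHeader: webhookStatus({}, BODY, SECRET),
    garbageHeader: webhookStatus({ [HMAC_HEADER]: "not-base64!!" }, BODY, SECRET),
    wrongSecret: webhookStatus({ [HMAC_HEADER]: GOOD_SIG }, BODY, "other-secret"),
  };
}

console.log(demo());
```
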