Subscribed webhooks were working fine before linking the app to a new toml config file. Now, getting webhook auth failed error, even for newly subscribed webhook topics via webhook graphql mutation
1 Like
You should provide some error logs here. How you verified webhook request, and how it failed?
1 Like
A few things I’d double-check:
- Verify your webhook signing secret: the API secret/signing key used for HMAC verification may have changed. Also make sure you’re using the correct `client_secret` from your app’s config.
- In `shopify.app.toml` make sure the `client_id` matches the app you expect.
- Regenerate API credentials to make sure it’s definitely the right one.
- Make sure you’ve run `shopify app deploy` so the configuration is properly synced.
Failing that, I’d try unsubscribing and resubscribing to a webhook topic after ensuring your secrets are aligned.
1 Like
When you link to a new toml config, check if your app switched from using the API secret key to the client_secret for HMAC verification or vice versa. Shopify has two different secrets in the app dashboard and which one you need depends on whether you’re using the older REST webhook subscriptions or the newer app config based webhooks. If the toml change moved your webhooks to be managed by the app config (declarative webhooks), the signing key used for verification is the client_secret from your Partners dashboard, not the API secret key from the app setup page. Easy to mix up since they look similar but they’re different values.
Also worth checking if your app went from custom app to public app or changed its authentication flow during the toml switch, because that would change the signing secret entirely.
I have encountered a similar problem before, where I implemented the webhook authentication logic myself. This is the official documentation provided by Shopify: