Fix Shopify Embedded App HMAC
Summary
Freelancer Client is hiring: Fix Shopify Embedded App HMAC.
Location: Remote
I’m down to the very last hurdle on a public Shopify dropshipping app I’ve built: the embedded-app verification fails whenever an order-sync call hits our backend. The request reaches us, but HMAC validation throws an “Authentication error.”
The failure appears only while syncing orders from Shopify Admin—install flow and every other endpoint work fine.
I’ve triple-checked the shared secret, stepped through the signing logic, and hammered it with sample payloads, so the usual suspects look good.
What I need is an expert who has already wrestled with Shopify’s embedded-app security model and can pinpoint why the computed digest diverges, update the signing/verification code, and prove that every order webhook or Admin API call passes the check reliably. A short hand-over note outlining the change is all the documentation I’ll ask for.
A patched app (or pull request) where order-sync requests clear Shopify’s HMAC verification, letting the embedded app load without errors.
Skills: PHP, JavaScript, Python, Software Architecture, Shopify, Software Development, Web Development, API Development
Budget: $1500–$12500 USD
Source: Freelancer Client via Remote / Online. Apply on the source website.
Original
I’m down to the very last hurdle on a public Shopify dropshipping app I’ve built: the embedded-app verification fails whenever an order-sync call hits our backend. The request reaches us, but HMAC validation throws an “Authentication error.”
Here’s what I know so far:
• The failure appears only while syncing orders from Shopify Admin—install flow and every other endpoint work fine.
• I’ve triple-checked the shared secret, stepped through the signing logic, and hammered it with sample payloads, so the usual suspects look good.
What I need is an expert who has already wrestled with Shopify’s embedded-app security model and can pinpoint why the computed digest diverges, update the signing/verification code, and prove that every order webhook or Admin API call passes the check reliably. A short hand-over note outlining the change is all the documentation I’ll ask for.
Deliverable
– A patched app (or pull request) where order-sync requests clear Shopify’s HMAC verification, letting the embedded app load without errors.
If you’ve solved this exact headache before, let’s wrap it up quickly.
Location & Details
Apply on source →About this listing
This remote opportunity was imported from Freelancer and is shown here for discovery. To apply, follow the link to the original posting.