Webhooks configuration overview
Shopify can send webhook events through several different delivery method endpoints. Each delivery method requires different types of setup.
Requirements
Anchor link to section titled "Requirements"You're familiar with how webhooks work.
You're authenticated with the GraphQL Admin API or REST Admin API.
You have the required permissions for the topics you're subscribing to.
Webhook configuration flow
Anchor link to section titled "Webhook configuration flow"To receive webhooks, complete the following steps. The process for each step differs depending on the type of endpoint that you choose.
Create an endpoint of your choice to receive events that are published to a webhook topic.
Use the GraphQL Admin API or REST Admin API to create a webhook subscription that uses the endpoint as its destination.
If your app needs to stay in sync with Shopify, replace your local copy of any shop data with the webhook payload.
You also need to configure mandatory webhooks before publishing your app.
Supported endpoint types
Anchor link to section titled "Supported endpoint types"Shopify offers webhook delivery for three types of endpoints:
Amazon EventBridge: You create an Amazon EventBridge EventBus linked to a Shopify EventSource, and specify the ARN of the EventSource as the webhook subscription's endpoint.
Google Cloud Pub/Sub: You create a Google Cloud Pub/Sub topic to which Shopify can publish messages, and specify that topic as the webhook subscription's endpoint.
HTTPS: You create an HTTPS endpoint on your app as a webhook receiver, and specify that endpoint's URL as the webhook subscription's endpoint.
Limitations
Anchor link to section titled "Limitations"The Amazon EventBridge and Google Cloud Pub/Sub endpoints offer reliable, scalable solutions for handling unpredictable webhook volume. However, they are only available to apps that use AWS and Google Cloud.
The Google Cloud Pub/Sub GraphQL mutations are only available in API version 2021-07 and higher.
Any app can use HTTPS endpoints, but they can be difficult to scale because of large volumes of webhook traffic.
The following URLs can't be HTTPS endpoints for a webhook:
- Localhost
- Any URL that contains the word "localhost." For example,
https://{shop}-localhost.dev.com/webhooks/ - Any URL ending in the word "internal". For example,
{shop}.com/internal - Reserved domains, such as
www.example.com - Shopify domains, such as
shopify.comandmyshopify.com
- Configure an Amazon EventBridge, Google Cloud Pub/Sub, or HTTPS endpoint for webhook delivery.