--- title: Webhook description: Contains functions for verifying Shopify webhooks. api_version: v4 latest api_name: shopify-app-remix source_url: html: 'https://shopify.dev/docs/api/shopify-app-remix/latest/authenticate/webhook' md: >- https://shopify.dev/docs/api/shopify-app-remix/latest/authenticate/webhook.md --- # Webhook Contains functions for verifying Shopify webhooks. ## authenticate.​webhook(**[request](#authenticatewebhook-propertydetail-request)**​) Verifies requests coming from Shopify webhooks. ### Parameters * **request** **Request** **required** ### Returns * **Promise\>** ### WebhookContext ```ts WebhookContextWithoutSession | WebhookContextWithSession ``` ### WebhookContextWithoutSession * action The action type: 'create', 'update', or 'delete'. Only available for events webhooks. ```ts string ``` * admin ```ts undefined ``` * apiVersion The API version used for the webhook. ```ts string ``` * eventId The unique event identifier. ```ts string ``` * handle The handle for the webhook subscription. Only available for events webhooks. ```ts string ``` * name The name assigned to the webhook subscription. Only available for traditional webhooks. ```ts string ``` * payload The payload from the webhook request. ```ts Record ``` * resourceId The GID of the resource that triggered the webhook. Only available for events webhooks. ```ts string ``` * session ```ts undefined ``` * shop The shop where the webhook was triggered. ```ts string ``` * subTopic The sub-topic of the webhook. Only available for traditional webhooks. ```ts string ``` * topic The topic of the webhook. ```ts Topics ``` * triggeredAt The timestamp when the webhook was triggered. ```ts string ``` * webhookId A unique ID for the webhook. Useful to keep track of which events your app has already processed. For events webhooks (\`webhookType === 'events'\`), this is set to the \`eventId\` value for backwards compatibility. Prefer using \`eventId\` directly for events webhooks — \`webhookId\` will be removed from events webhooks in the next major version. ```ts string ``` * webhookType The type of webhook: 'webhooks' for traditional webhooks or 'events' for events webhooks. ```ts WebhookTypeValue ``` ### WebhookContextWithSession * action The action type: 'create', 'update', or 'delete'. Only available for events webhooks. ```ts string ``` * admin An admin context for the webhook. Returned only if there is a session for the shop. ```ts AdminApiContext ``` * apiVersion The API version used for the webhook. ```ts string ``` * eventId The unique event identifier. ```ts string ``` * handle The handle for the webhook subscription. Only available for events webhooks. ```ts string ``` * name The name assigned to the webhook subscription. Only available for traditional webhooks. ```ts string ``` * payload The payload from the webhook request. ```ts Record ``` * resourceId The GID of the resource that triggered the webhook. Only available for events webhooks. ```ts string ``` * session A session with an offline token for the shop. Returned only if there is a session for the shop. Webhook requests can trigger after an app is uninstalled If the app is already uninstalled, the session may be undefined. Therefore, you should check for the session before using it. ```ts Session ``` * shop The shop where the webhook was triggered. ```ts string ``` * subTopic The sub-topic of the webhook. Only available for traditional webhooks. ```ts string ``` * topic The topic of the webhook. ```ts Topics ``` * triggeredAt The timestamp when the webhook was triggered. ```ts string ``` * webhookId A unique ID for the webhook. Useful to keep track of which events your app has already processed. For events webhooks (\`webhookType === 'events'\`), this is set to the \`eventId\` value for backwards compatibility. Prefer using \`eventId\` directly for events webhooks — \`webhookId\` will be removed from events webhooks in the next major version. ```ts string ``` * webhookType The type of webhook: 'webhooks' for traditional webhooks or 'events' for events webhooks. ```ts WebhookTypeValue ``` ### AdminApiContext Provides utilities that apps can use to make requests to the Admin API. * graphql Methods for interacting with the Shopify Admin GraphQL API ```ts GraphQLClient ``` ### GraphQLClient * query ```ts Operation extends keyof Operations ``` * options ```ts GraphQLQueryOptions ``` returns ```ts interface Promise { /** * Attaches callbacks for the resolution and/or rejection of the Promise. * @param onfulfilled The callback to execute when the Promise is resolved. * @param onrejected The callback to execute when the Promise is rejected. * @returns A Promise for the completion of which ever callback is executed. */ then(onfulfilled?: ((value: T) => TResult1 | PromiseLike) | undefined | null, onrejected?: ((reason: any) => TResult2 | PromiseLike) | undefined | null): Promise; /** * Attaches a callback for only the rejection of the Promise. * @param onrejected The callback to execute when the Promise is rejected. * @returns A Promise for the completion of the callback. */ catch(onrejected?: ((reason: any) => TResult | PromiseLike) | undefined | null): Promise; }, interface Promise {}, Promise: PromiseConstructor, interface Promise { readonly [Symbol.toStringTag]: string; }, interface Promise { /** * Attaches a callback that is invoked when the Promise is settled (fulfilled or rejected). The * resolved value cannot be modified from the callback. * @param onfinally The callback to execute when the Promise is settled (fulfilled or rejected). * @returns A Promise for the completion of the callback. */ finally(onfinally?: (() => void) | undefined | null): Promise; } ``` ### GraphQLQueryOptions * apiVersion The version of the API to use for the request. ```ts ApiVersion ``` * headers Additional headers to include in the request. ```ts Record ``` * signal An optional AbortSignal to cancel the request. ```ts AbortSignal ``` * tries The total number of times to try the request if it fails. ```ts number ``` * variables The variables to pass to the operation. ```ts ApiClientRequestOptions ``` ### ApiVersion * October24 ```ts 2024-10 ``` * January25 ```ts 2025-01 ``` * April25 ```ts 2025-04 ``` * July25 ```ts 2025-07 ``` * October25 ```ts 2025-10 ``` * January26 ```ts 2026-01 ``` * April26 ```ts 2026-04 ``` * Unstable ```ts unstable ``` ### Session Stores App information from logged in merchants so they can make authenticated requests to the Admin API. * id The unique identifier for the session. ```ts string ``` * shop The Shopify shop domain, such as \`example.myshopify.com\`. ```ts string ``` * state The state of the session. Used for the OAuth authentication code flow. ```ts string ``` * isOnline Whether the access token in the session is online or offline. ```ts boolean ``` * scope The desired scopes for the access token, at the time the session was created. ```ts string ``` * expires The date the access token expires. ```ts Date ``` * accessToken The access token for the session. ```ts string ``` * refreshToken The refresh token for the session. ```ts string ``` * refreshTokenExpires The date the refresh token expires. ```ts Date ``` * onlineAccessInfo Information on the user for the session. Only present for online sessions. ```ts OnlineAccessInfo ``` * isActive Whether the session is active. Active sessions have an access token that is not expired, and has has the given scopes if scopes is equal to a truthy value. ```ts (scopes: string | string[] | AuthScopes, withinMillisecondsOfExpiry?: number) => boolean ``` * isScopeChanged Whether the access token includes the given scopes if they are provided. ```ts (scopes: string | string[] | AuthScopes) => boolean ``` * isScopeIncluded Whether the access token includes the given scopes. ```ts (scopes: string | string[] | AuthScopes) => boolean ``` * isExpired Whether the access token is expired. ```ts (withinMillisecondsOfExpiry?: number) => boolean ``` * toObject Converts an object with data into a Session. ```ts () => SessionParams ``` * equals Checks whether the given session is equal to this session. ```ts (other: Session) => boolean ``` * toPropertyArray Converts the session into an array of key-value pairs. ```ts (returnUserData?: boolean) => [string, string | number | boolean][] ``` ### OnlineAccessInfo * associated\_user The user associated with the access token. ```ts OnlineAccessUser ``` * associated\_user\_scope The effective set of scopes for the session. ```ts string ``` * expires\_in How long the access token is valid for, in seconds. ```ts number ``` ### OnlineAccessUser * account\_owner Whether the user is the account owner. ```ts boolean ``` * collaborator Whether the user is a collaborator. ```ts boolean ``` * email The user's email address. ```ts string ``` * email\_verified Whether the user has verified their email address. ```ts boolean ``` * first\_name The user's first name. ```ts string ``` * id The user's ID. ```ts number ``` * last\_name The user's last name. ```ts string ``` * locale The user's locale. ```ts string ``` ### AuthScopes A class that represents a set of access token scopes. * has Checks whether the current set of scopes includes the given one. ```ts (scope: string | string[] | AuthScopes) => boolean ``` * equals Checks whether the current set of scopes equals the given one. ```ts (otherScopes: string | string[] | AuthScopes) => boolean ``` * toString Returns a comma-separated string with the current set of scopes. ```ts () => string ``` * toArray Returns an array with the current set of scopes. ```ts (returnOriginalScopes?: boolean) => any[] ``` ### SessionParams * \[key: string] ```ts any ``` * accessToken The access token for the session. ```ts string ``` * expires The date the access token expires. ```ts Date ``` * id The unique identifier for the session. ```ts string ``` * isOnline Whether the access token in the session is online or offline. ```ts boolean ``` * onlineAccessInfo Information on the user for the session. Only present for online sessions. ```ts OnlineAccessInfo | StoredOnlineAccessInfo ``` * refreshToken The refresh token for the session. ```ts string ``` * refreshTokenExpires The date the refresh token expires. ```ts Date ``` * scope The scopes for the access token. ```ts string ``` * shop The Shopify shop domain. ```ts string ``` * state The state of the session. Used for the OAuth authentication code flow. ```ts string ``` ### StoredOnlineAccessInfo ```ts Omit & { associated_user: Partial; } ``` Examples ### Examples * #### ##### Description Update a metafield when a product is updated ##### /app/routes/\*\*.ts ```ts import {type ActionFunctionArgs} from '@remix-run/node'; import {authenticate} from '../shopify.server'; export const action = async ({request}: ActionFunctionArgs) => { const {topic, admin, payload, session} = await authenticate.webhook(request); // Webhook requests can trigger after an app is uninstalled // If the app is already uninstalled, the session may be undefined. if (!session) { throw new Response(); } switch (topic) { case 'PRODUCTS_UPDATE': await admin.graphql( `#graphql mutation setMetafield($productId: ID!, $time: String!) { metafieldsSet(metafields: { ownerId: $productId namespace: "my-app", key: "webhook_received_at", value: $time, type: "string", }) { metafields { key value } } } `, { variables: { productId: payload.admin_graphql_api_id, time: new Date().toISOString(), }, }, ); } return new Response(); }; ``` * #### ##### Description Use the \`admin\` object in the context to interact with the Admin API. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export async function action({ request }: ActionFunctionArgs) { const { admin } = await authenticate.webhook(request); // Webhook requests can trigger after an app is uninstalled // If the app is already uninstalled, the session may be undefined. if (!session) { throw new Response(); } const response = await admin?.graphql( `#graphql mutation populateProduct($input: ProductInput!) { productCreate(input: $input) { product { id } } }`, { variables: { input: { title: "Product Name" } } } ); const productData = await response.json(); return json({ data: productData.data }); } ``` * #### ##### Description Get the API version used for webhook request. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { apiVersion } = await authenticate.webhook(request); return new Response(); }; ``` * #### ##### Description Get the request's POST payload. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { payload } = await authenticate.webhook(request); return new Response(); }; ``` * #### ##### /app/routes/webhooks.tsx ```ts import type { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "~/shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { session } = await authenticate.webhook(request); // Webhook requests can trigger after an app is uninstalled // If the app is already uninstalled, the session may be undefined. if (!session) { throw new Response(); } // Handle webhook request console.log("Received webhook webhook"); return new Response(); }; ``` * #### ##### Description Get the shop that triggered a webhook. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { shop } = await authenticate.webhook(request); return new Response(); }; ``` * #### ##### Description Get the webhook sub-topic. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { subTopic } = await authenticate.webhook(request); return new Response(); }; ``` * #### ##### Description Get the event topic for the webhook. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { topic } = await authenticate.webhook(request); switch (topic) { case "APP_UNINSTALLED": // Do something when the app is uninstalled. break; } return new Response(); }; ``` * #### ##### Description Get the webhook ID. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { webhookId } = await authenticate.webhook(request); return new Response(); }; ``` *** ## Related [Interact with the Admin API. - Admin API context](https://shopify.dev/docs/api/shopify-app-remix/v4/apis/admin-api) ***