--- title: Webhook description: Contains functions for verifying Shopify webhooks. api_version: v3 api_name: shopify-app-remix source_url: html: 'https://shopify.dev/docs/api/shopify-app-remix/v3/authenticate/webhook' md: 'https://shopify.dev/docs/api/shopify-app-remix/v3/authenticate/webhook.md' --- # Webhook Contains functions for verifying Shopify webhooks. ## authenticate.​webhook(**[request](#authenticatewebhook-propertydetail-request)**​) Verifies requests coming from Shopify webhooks. ### Parameters * **request** **Request** **required** ### Returns * **Promise\>** ### WebhookContext ```ts WebhookContextWithoutSession | WebhookContextWithSession ``` ### WebhookContextWithoutSession * admin ```ts undefined ``` * apiVersion The API version used for the webhook. ```ts string ``` * payload The payload from the webhook request. ```ts Record ``` * session ```ts undefined ``` * shop The shop where the webhook was triggered. ```ts string ``` * subTopic The sub-topic of the webhook. This is only available for certain webhooks. ```ts string ``` * topic The topic of the webhook. ```ts Topics ``` * webhookId A unique ID for the webhook. Useful to keep track of which events your app has already processed. ```ts string ``` ### WebhookContextWithSession * admin An admin context for the webhook. Returned only if there is a session for the shop. ```ts AdminApiContext ``` * apiVersion The API version used for the webhook. ```ts string ``` * payload The payload from the webhook request. ```ts Record ``` * session A session with an offline token for the shop. Returned only if there is a session for the shop. Webhook requests can trigger after an app is uninstalled If the app is already uninstalled, the session may be undefined. Therefore, you should check for the session before using it. ```ts Session ``` * shop The shop where the webhook was triggered. ```ts string ``` * subTopic The sub-topic of the webhook. This is only available for certain webhooks. ```ts string ``` * topic The topic of the webhook. ```ts Topics ``` * webhookId A unique ID for the webhook. Useful to keep track of which events your app has already processed. ```ts string ``` ### AdminApiContext Provides utilities that apps can use to make requests to the Admin API. ```ts FeatureEnabled extends true ? AdminApiContextWithoutRest : AdminApiContextWithRest ``` ### FeatureEnabled ```ts Future extends FutureFlags ? Future[Flag] extends true ? true : false : false ``` ### FutureFlags Set future flags using the \`future\` configuration field to opt in to upcoming breaking changes. With this feature, you can prepare for major releases ahead of time, as well as try out new features before they are released. * removeRest When enabled, methods for interacting with the admin REST API will not be returned. This affects: \* \`authenticate.admin(request)\` \* \`authenticate.webhook(request)\` \* \`authenticate.flow(request)\` \* \`authenticate.appProxy(request)\` \* \`authenticate.fulfillmentService(request)\` \* \`unauthenticated.admin(shop)\` In a future release we will remove REST from the package completely. Please see: \[https://www\.shopify.com/ca/partners/blog/all-in-on-graphql]\(https://www\.shopify.com/ca/partners/blog/all-in-on-graphql) ```ts boolean ``` * unstable\_newEmbeddedAuthStrategy When enabled, embedded apps will fetch access tokens via \[token exchange]\(/docs/apps/auth/get-access-tokens/token-exchange). This assumes the app has scopes declared for \[Shopify managing installation]\(/docs/apps/auth/installation#shopify-managed-installation). Learn more about this \[new embedded app auth strategy]\(/docs/api/shopify-app-remix#embedded-auth-strategy). ```ts boolean ``` ### AdminApiContextWithoutRest * graphql Methods for interacting with the Shopify Admin GraphQL API ```ts GraphQLClient ``` ### GraphQLClient * query ```ts Operation extends keyof Operations ``` * options ```ts GraphQLQueryOptions ``` returns ```ts interface Promise { /** * Attaches callbacks for the resolution and/or rejection of the Promise. * @param onfulfilled The callback to execute when the Promise is resolved. * @param onrejected The callback to execute when the Promise is rejected. * @returns A Promise for the completion of which ever callback is executed. */ then(onfulfilled?: ((value: T) => TResult1 | PromiseLike) | undefined | null, onrejected?: ((reason: any) => TResult2 | PromiseLike) | undefined | null): Promise; /** * Attaches a callback for only the rejection of the Promise. * @param onrejected The callback to execute when the Promise is rejected. * @returns A Promise for the completion of the callback. */ catch(onrejected?: ((reason: any) => TResult | PromiseLike) | undefined | null): Promise; }, interface Promise {}, Promise: PromiseConstructor, interface Promise { readonly [Symbol.toStringTag]: string; }, interface Promise { /** * Attaches a callback that is invoked when the Promise is settled (fulfilled or rejected). The * resolved value cannot be modified from the callback. * @param onfinally The callback to execute when the Promise is settled (fulfilled or rejected). * @returns A Promise for the completion of the callback. */ finally(onfinally?: (() => void) | undefined | null): Promise; } ``` ### GraphQLQueryOptions * apiVersion The version of the API to use for the request. ```ts ApiVersion ``` * headers Additional headers to include in the request. ```ts Record ``` * signal An optional AbortSignal to cancel the request. ```ts AbortSignal ``` * tries The total number of times to try the request if it fails. ```ts number ``` * variables The variables to pass to the operation. ```ts ApiClientRequestOptions ``` ### ApiVersion * October24 ```ts 2024-10 ``` * January25 ```ts 2025-01 ``` * April25 ```ts 2025-04 ``` * July25 ```ts 2025-07 ``` * October25 ```ts 2025-10 ``` * January26 ```ts 2026-01 ``` * April26 ```ts 2026-04 ``` * Unstable ```ts unstable ``` ### AdminApiContextWithRest * graphql Methods for interacting with the Shopify Admin GraphQL API ```ts GraphQLClient ``` * rest Methods for interacting with the Shopify Admin REST API ```ts RestClientWithResources ``` ### RestClientWithResources ```ts RemixRestClient & {resources: Resources} ``` ### RemixRestClient * session ```ts Session ``` * get Performs a GET request on the given path. ```ts (params: GetRequestParams) => Promise ``` * post Performs a POST request on the given path. ```ts (params: PostRequestParams) => Promise ``` * put Performs a PUT request on the given path. ```ts (params: PostRequestParams) => Promise ``` * delete Performs a DELETE request on the given path. ```ts (params: GetRequestParams) => Promise ``` ### Session Stores App information from logged in merchants so they can make authenticated requests to the Admin API. * id The unique identifier for the session. ```ts string ``` * shop The Shopify shop domain, such as \`example.myshopify.com\`. ```ts string ``` * state The state of the session. Used for the OAuth authentication code flow. ```ts string ``` * isOnline Whether the access token in the session is online or offline. ```ts boolean ``` * scope The desired scopes for the access token, at the time the session was created. ```ts string ``` * expires The date the access token expires. ```ts Date ``` * accessToken The access token for the session. ```ts string ``` * onlineAccessInfo Information on the user for the session. Only present for online sessions. ```ts OnlineAccessInfo ``` * isActive Whether the session is active. Active sessions have an access token that is not expired, and has has the given scopes if scopes is equal to a truthy value. ```ts (scopes: string | string[] | AuthScopes, withinMillisecondsOfExpiry?: number) => boolean ``` * isScopeChanged Whether the access token includes the given scopes if they are provided. ```ts (scopes: string | string[] | AuthScopes) => boolean ``` * isScopeIncluded Whether the access token includes the given scopes. ```ts (scopes: string | string[] | AuthScopes) => boolean ``` * isExpired Whether the access token is expired. ```ts (withinMillisecondsOfExpiry?: number) => boolean ``` * toObject Converts an object with data into a Session. ```ts () => SessionParams ``` * equals Checks whether the given session is equal to this session. ```ts (other: Session) => boolean ``` * toPropertyArray Converts the session into an array of key-value pairs. ```ts (returnUserData?: boolean) => [string, string | number | boolean][] ``` ### OnlineAccessInfo * associated\_user The user associated with the access token. ```ts OnlineAccessUser ``` * associated\_user\_scope The effective set of scopes for the session. ```ts string ``` * expires\_in How long the access token is valid for, in seconds. ```ts number ``` ### OnlineAccessUser * account\_owner Whether the user is the account owner. ```ts boolean ``` * collaborator Whether the user is a collaborator. ```ts boolean ``` * email The user's email address. ```ts string ``` * email\_verified Whether the user has verified their email address. ```ts boolean ``` * first\_name The user's first name. ```ts string ``` * id The user's ID. ```ts number ``` * last\_name The user's last name. ```ts string ``` * locale The user's locale. ```ts string ``` ### AuthScopes A class that represents a set of access token scopes. * has Checks whether the current set of scopes includes the given one. ```ts (scope: string | string[] | AuthScopes) => boolean ``` * equals Checks whether the current set of scopes equals the given one. ```ts (otherScopes: string | string[] | AuthScopes) => boolean ``` * toString Returns a comma-separated string with the current set of scopes. ```ts () => string ``` * toArray Returns an array with the current set of scopes. ```ts (returnOriginalScopes?: boolean) => any[] ``` ### SessionParams * \[key: string] ```ts any ``` * accessToken The access token for the session. ```ts string ``` * expires The date the access token expires. ```ts Date ``` * id The unique identifier for the session. ```ts string ``` * isOnline Whether the access token in the session is online or offline. ```ts boolean ``` * onlineAccessInfo Information on the user for the session. Only present for online sessions. ```ts OnlineAccessInfo | StoredOnlineAccessInfo ``` * scope The scopes for the access token. ```ts string ``` * shop The Shopify shop domain. ```ts string ``` * state The state of the session. Used for the OAuth authentication code flow. ```ts string ``` ### StoredOnlineAccessInfo ```ts Omit & { associated_user: Partial; } ``` Examples ### Examples * #### ##### Description Update a metafield when a product is updated ##### /app/routes/\*\*.ts ```ts import {type ActionFunctionArgs} from '@remix-run/node'; import {authenticate} from '../shopify.server'; export const action = async ({request}: ActionFunctionArgs) => { const {topic, admin, payload, session} = await authenticate.webhook(request); // Webhook requests can trigger after an app is uninstalled // If the app is already uninstalled, the session may be undefined. if (!session) { throw new Response(); } switch (topic) { case 'PRODUCTS_UPDATE': await admin.graphql( `#graphql mutation setMetafield($productId: ID!, $time: String!) { metafieldsSet(metafields: { ownerId: $productId namespace: "my-app", key: "webhook_received_at", value: $time, type: "string", }) { metafields { key value } } } `, { variables: { productId: payload.admin_graphql_api_id, time: new Date().toISOString(), }, }, ); } return new Response(); }; ``` * #### ##### Description Use the \`admin\` object in the context to interact with the Admin API. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export async function action({ request }: ActionFunctionArgs) { const { admin } = await authenticate.webhook(request); // Webhook requests can trigger after an app is uninstalled // If the app is already uninstalled, the session may be undefined. if (!session) { throw new Response(); } const response = await admin?.graphql( `#graphql mutation populateProduct($input: ProductInput!) { productCreate(input: $input) { product { id } } }`, { variables: { input: { title: "Product Name" } } } ); const productData = await response.json(); return json({ data: productData.data }); } ``` * #### ##### Description Get the API version used for webhook request. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { apiVersion } = await authenticate.webhook(request); return new Response(); }; ``` * #### ##### Description Get the request's POST payload. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { payload } = await authenticate.webhook(request); return new Response(); }; ``` * #### ##### /app/routes/webhooks.tsx ```ts import type { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "~/shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { session } = await authenticate.webhook(request); // Webhook requests can trigger after an app is uninstalled // If the app is already uninstalled, the session may be undefined. if (!session) { throw new Response(); } // Handle webhook request console.log("Received webhook webhook"); return new Response(); }; ``` * #### ##### Description Get the shop that triggered a webhook. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { shop } = await authenticate.webhook(request); return new Response(); }; ``` * #### ##### Description Get the webhook sub-topic. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { subTopic } = await authenticate.webhook(request); return new Response(); }; ``` * #### ##### Description Get the event topic for the webhook. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { topic } = await authenticate.webhook(request); switch (topic) { case "APP_UNINSTALLED": // Do something when the app is uninstalled. break; } return new Response(); }; ``` * #### ##### Description Get the webhook ID. ##### /app/routes/webhooks.tsx ```ts import { ActionFunctionArgs } from "@remix-run/node"; import { authenticate } from "../shopify.server"; export const action = async ({ request }: ActionFunctionArgs) => { const { webhookId } = await authenticate.webhook(request); return new Response(); }; ``` *** ## Related [Interact with the Admin API. - Admin API context](https://shopify.dev/docs/api/shopify-app-remix/v3/apis/admin-api) ***