Deliver webhooks through HTTPS

You might want to use HTTPS rather than a cloud-based event bus due to infrastructure requirements, where your domain knowledge lies, budget constraints, or because you want full control to customize your webhooks system. This approach will require additional steps, however, to ensure your system is production-ready and can handle receiving Shopify webhooks at scale. Shopify recommends using cloud-based event buses whenever possible to minimize this overhead.

  1. Notify Shopify that your app is receiving webhooks
  2. Validate the origin of each webhook
  3. Prepare your system to handle occasional bursts of webhook traffic
  • An app with webhook subscriptions configured using HTTPS delivery
  • Ensure your server is correctly configured to support HTTPS with a valid SSL certificate.

Shopify sends an HTTP POST request to the URI you have specified every time that event occurs. The HTTP POST request's parameters contain the JSON data relevant to the event that triggered the request. Shopify verifies SSL certificates when delivering payloads to HTTPS webhook addresses.