Set up Shopify GDPR Webhooks without code

You're so close to launching your Shopify App on the Shopify App Store. You've created your listing, crafted an entire app, and ready to launch. But oh no, the App Review team says you haven't implemented the mandatory GDPR webhooks!

Learn how to build a workflow to set up the GDPR webhooks for Shopify Apps

With Pipedream, you can easily implement the GDPR webhooks without deploying any code to your main app.

In this short tutorial, we'll show you how to create an Webhook in Pipedream and verify the Shopify request and then use database queries to fulfill the three mandatory GDPR webhooks that Shopify requires in order to publish your app.

Copy this workflow directly to your own Pipedream account.

Or if you would like to build it yourself, follow these steps.

Create a new HTTP triggered Workflow

First, open a new Pipedream workflow and select the HTTP / Webhook trigger.

This will create a unique URL to trigger this workflow. Copy this URL, we'll need it for the next step.

Register the URL with Shopify

Within the Shopify Partner dashboard, open up your app, and click App Setup.

Scroll down to the GDPR Webhooks section, and paste in your new workflow URL:

Create a sample Customer Data Request

Within a test store with your app installed, open a customer profile and click the Request Data button on the right hand side:

This will trigger Shopify to send a GDPR request to your new webhook.

Verifying the Shopify GDPR Webhook - without code

We've recently published a new action that will automatically verify the Shopify Webhook.

Just search for Shopify Partner in a new step and select the Verify Webhook action.

You just need to tie the request data to this step, and it will automatically verify the webhook or stop the workflow if it's not valid.

  1. Copy and paste your Shopify App Private Key into the field
  2. Enter in {{steps.trigger.event.headers["x-shopify-hmac-sha256"]}} for the Shopify Signature field.
  3. Last, enter in {{ steps.trigger.event.body }} for the Body field

Click Test to verify the webhook.

Requesting customer data

Last, you'll have to actually retrieve the data. Pipedream has support for all major databases, including MongoDb, MySQL, and Postgres.

Use the pre-built actions to query your database for this information on the customer, and then share it with the merchant by email.

Learn more and get connected!

🔨  Start building at https://pipedream.com
📣  Read our blog https://pipedream.com/blog
💬  Join our community https://pipedream.com/community