Request Verification for Generate Label Webhook

In your documentation, it reads " Each Webhook request includes a x-shiphero-hmac-sha256 header which is generated using the app’s shared secret, along with the data sent in the request.", but I noticed with the request header from our webhook does not have this header. Is this something we have to request, or am I missing something?

Thanks,

Kent

“RequestHeaders”:{
“Accept”:“/”,
“Accept-Encoding”:“gzip, deflate”,
“Content-Length”:“2941”,
“Content-Type”:“application/json”,
“Host”:“shipsimplyapi-staging.azurewebsites.net”,
“Max-Forwards”:“10”,
“User-Agent”:“ShipHero Request V1.0”,
“baggage”:“sentry-trace_id=be05477a92e1477193f5064de59ecd39,sentry-environment=prod,sentry-release=90fd509,sentry-public_key=890ec0b460304cc9abab81182e22d8fc,sentry-transaction=graphql”,
“sentry-trace”:“be05477a92e1477193f5064de59ecd39-a75e4a2c12f0901f-0”,
“X-ARR-LOG-ID”:“b2cf51f1-d676-4c19-a81e-58cc27dc5dd6”,
“CLIENT-IP”:“”,
“DISGUISED-HOST”:“”,
“X-SITE-DEPLOYMENT-ID”:“ShipSimplyAPI-Staging”,
“WAS-DEFAULT-HOSTNAME”:“”,
“X-Forwarded-Proto”:“https”,
“X-AppService-Proto”:“https”,
“X-ARR-SSL”:“2048|256|CN=Microsoft Azure TLS Issuing CA 02, O=Microsoft Corporation, C=US|CN=*.azurewebsites.net, O=Microsoft Corporation, L=Redmond, S=WA, C=US”,
“X-Forwarded-TlsVersion”:“1.2”,
“X-Forwarded-For”:“”,
“X-Original-URL”:“”,
“X-WAWS-Unencoded-URL”:“/api/v1/Labels/shiphero/printlabel”
}

Hey @kentroylance,

Thanks for reaching out!
I’ll look into this and get back to you shortly.

Please let me know if you have any questions or concerns.

Best,
RayanP

Hey @kentroylance,

Thanks for hanging in there!

Is your ShipHero Account associated with the same email that your community user is? I noticed that there are currently no registered webhooks for that account.

Typically, when this happens, it’s because there needs to be a corresponding API Secret (added at https://app.shiphero.com/dashboard/settings/api) to the shop name under which the webhook is registered.

If there’s no matching secret to the webhook’s store name, then the header is not created.

Please let me know if you have any questions or concerns.

Best,
RayanP

I have the api secret for this ShipHero account, is that what you need? How do you want me to send that to you?

Hey @kentroylance,

Thanks for hanging in there.

You don’t need to send me anything!
If the name of the shop the webhook is registered under matches the name of the API secret, the x-shiphero-hmac-sha256 will be sent automatically.

For example:

  • I register a webhook under the shop name of “xmas2023”

  • I have api credentials under the shop name of “xmas2023”

With both these conditions met, the x-shiphero-hmac-sha256 will be sent.

Please let me know if you have any questions or concerns.

Best,
RayanP

Hi Rayanp,

Can you please tell me the status of understanding why I am still getting an error when printing a label? Its interesting that the error details don’t really show the error, or the reason for the error, but just shows the response; which, is not very helpful. Can you please tell me the correct error that is being logged on your end?

Thanks,

Kent

Hey @kentroylance,

Thanks for hanging in there!

An agent is currently investigating that issue in the ZenDesk ticket associated.

I wanted to add that you cannot set the shop name field using the Generate Label Webhook. The Generate Label Webhook exclusively uses the “default” API Key, which is created automatically when the account is first set up.

Please let me know if you have any questions or concerns.

Best,
RayanP

Not sure what you mean by “you cannot set the shop name field using the Generate Label Webhook”, because in your webhook example it is setting the shop name. I really don’t care what I have to do to get this to work, just let me know what I need to change so that the x-shiphero-hmac-sha256 is returned.

https://developer.shiphero.com/webhooks#generate-label-webhook

Hey @kentroylance,

Thanks for hanging in there!

I apologize for the confusion here.

Without a default API secret (https://app.shiphero.com/dashboard/settings/api), the Generate Label Webhook won’t send the x-shiphero-hmac-sha256. I checked your account, and everything is configured correctly to receive the x-shiphero-hmac-sha256 for the GLW.

Are you still experiencing issues with that value not appearing?

Please let me know if you have any questions or concerns.

Best,
RayanP

Thanks! I finally have it working. Alissa discovered I wasn’t using the “default” value for the API secret, and so I once I changed it to “default”, it started working. Thanks for following up.

1 Like

@kentroylance where did you find the default API secret? Our account doesn’t have any secrets listed under API keys. What should I be looking for?

@hansontools If you do not have a default one, you can create a new one here: Sign In with Auth0. name it default, and you should start receiving the header.

Have a nice day!