What are Shopify webhooks?

Webhooks are automated messages sent from Shopify to a URL you specify when specific events occur in your store. For example, when an order is placed, Shopify sends order data to your server, allowing you to trigger custom actions in real-time.

How do I create a webhook in Shopify?

Go to Settings > Notifications in your Shopify admin, scroll to Webhooks, and click Create webhook. Select the event, format (JSON or XML), and enter your endpoint URL. For API-created webhooks, use the Shopify Admin API.

How do I verify Shopify webhooks?

Shopify signs each webhook with an HMAC-SHA256 hash using your app's shared secret. Your endpoint should calculate the expected hash and compare it to the X-Shopify-Hmac-Sha256 header to verify the webhook is authentic.

What happens if my webhook endpoint fails?

If your endpoint returns an error or times out, Shopify will retry the webhook. After multiple failures over 48 hours, Shopify marks the webhook as failed and stops sending. You can view failed webhooks and re-register them.

Shopify Webhooks: Implementation Guide

Webhooks allow your systems to receive real-time notifications when events occur in your Shopify store. Instead of repeatedly polling the API to check for changes, webhooks push data to your server the moment something happens—an order is placed, a product is updated, or a customer registers. This guide covers how to implement and manage webhooks.

What Are Webhooks?

Webhooks are HTTP callbacks that send data to your server when events occur:

Event occurs: Customer places an order
Shopify sends data: POST request to your endpoint URL
Your server responds: Processes data and returns 200 OK

This enables real-time integrations without constantly checking for changes.

Common Webhook Events

Orders

orders/create: New order placed
orders/updated: Order modified
orders/cancelled: Order cancelled
orders/fulfilled: Order shipped
orders/paid: Payment completed

Products

products/create: New product added
products/update: Product modified
products/delete: Product removed

Customers

customers/create: New customer registered
customers/update: Customer info changed

Inventory

inventory_levels/update: Stock level changed

Creating Webhooks

Via Shopify Admin

Go to Settings > Notifications
Scroll to Webhooks
Click Create webhook
Select the event (e.g., "Order creation")
Choose format (JSON recommended)
Enter your endpoint URL
Click Save

Via API

Create webhooks programmatically using the Admin API:

POST /admin/api/2024-01/webhooks.json
{
  "webhook": {
    "topic": "orders/create",
    "address": "https://example.com/webhooks/orders",
    "format": "json"
  }
}

Receiving Webhooks

Your endpoint must:

Accept POST requests
Return HTTP 200 within 5 seconds
Process data asynchronously for long operations

Example Payload (Order Created)

{
  "id": 820982911946154508,
  "email": "customer@example.com",
  "created_at": "2024-01-15T10:30:00-05:00",
  "total_price": "99.99",
  "line_items": [...]
}

Security: Verifying Webhooks

Always verify webhooks are authentic before processing:

Get the X-Shopify-Hmac-Sha256 header from the request
Compute HMAC-SHA256 of the raw request body using your shared secret
Base64 encode your computed hash
Compare to the header value (timing-safe comparison)
Reject if they don't match

Verification Example (PHP)

$hmac_header = $_SERVER['HTTP_X_SHOPIFY_HMAC_SHA256'];
$data = file_get_contents('php://input');
$calculated_hmac = base64_encode(hash_hmac('sha256', $data, $shared_secret, true));
$verified = hash_equals($hmac_header, $calculated_hmac);

Handling Retries

Shopify retries failed webhooks:

Retries occur for 48 hours if endpoint fails
Exponential backoff between retries
Webhook is marked "failed" after 19 retries
Duplicate webhooks may arrive—design for idempotency

Best Practices

Respond quickly: Return 200 immediately, process asynchronously
Handle duplicates: Use order/event IDs to prevent double-processing
Log everything: Store raw payloads for debugging
Monitor failures: Set up alerts for endpoint errors

Webhook Use Cases

ERP integration: Sync orders to accounting/inventory systems
Email notifications: Trigger custom emails on events
Fulfillment: Send orders to 3PL providers
Analytics: Track events in external analytics platforms
CRM updates: Sync customer data to CRM systems

Product and Collection Updates

Webhooks for product events can trigger updates to related systems when your collections change:

Sync product changes to external catalogs
Update search indexes when products change
Notify systems when inventory levels change

Automate Collection Updates: AWSM Collections automatically manages collection membership based on rules, reducing the need for custom webhook-based collection management.

Troubleshooting

Common Issues

Webhook not triggering: Verify the subscription is active and the event type is correct
Endpoint returning errors: Check server logs, verify URL is accessible
Verification failing: Ensure you're using the correct shared secret
Timeouts: Return 200 faster, process in background

Conclusion

Webhooks enable real-time integrations that keep your systems synchronized with your Shopify store. Always verify webhook authenticity, respond quickly to avoid timeouts, and design your processing to handle duplicates. For complex integrations, consider using a message queue to decouple receiving webhooks from processing them.