POST
/v1/orders/webhookOrder webhook
Receives Shopify order creation webhooks and routes orders to source stores.
Receives a Shopify orders/create webhook and triggers the order routing pipeline. This endpoint is authenticated via HMAC signature verification — not JWT or API keys.
How it works
- Shopify sends the order payload with HMAC headers
- The platform verifies the signature against the reseller store’s webhook secret
- The full order is fetched from the Shopify API
- Line items are matched to source stores by vendor tag
- One sync job is enqueued per matched source store
The endpoint returns 200 OK immediately with an empty body — all processing happens asynchronously via BullMQ to stay within Shopify’s 5-second webhook timeout.
Required headers
| Header | Description |
|---|---|
X-Shopify-Hmac-SHA256 | Base64-encoded HMAC-SHA256 signature of the raw request body |
X-Shopify-Shop-Domain | Originating Shopify shop domain (e.g. my-store.myshopify.com) |
Responses
200
Response
200 200 OK
{
"statusCode": 200,
"message": ""
}