Fork me on GitHub

How Shopify Uses REST Hooks

Interview with David Underwood   -   Sep 18 2013

Home > How Shopify Uses REST Hooks

We were seeing really complex Shopify add-on setup intructions and our hook subscription mechanism solved that.

About Shopfy

Shopify is a powerful ecommerce website solution that allows you to sell online by providing everything you need to create an online store.

Case Study

Shopify launches their original API in 2009 in response to developers wanting to integrate with their Shopify online stores. Shopify is a Ruby on Rails shop which made it easy to spin up their original API.

REST Hooks were added after the original launch. Ecommerce is very real-time so an API that developers had to poll against was a serious drawback. Additionally, because so many Shopify customers are not developers, it had to be very user friendly to set up hook subscriptions. This is what REST Hooks offers.

In addition to the user-facing benefits, Shopify was able to reduce their server load dramatically.

REST hook feature Implemented?
Subscription based
Intent verification
Identity verification
Skinny payloads
Order of delivery

REST Hooks

Shopify offers the full gamut of hook subscription management. They have about 12 different hooks developers can subscribe to. They offer endpoints on their REST API to list hook subscriptions, receive counts (useful for verification), and create new webhook subscriptions.

Additionally, Shopify still lets developers and users create REST Hook subscriptions via their user intercace – an increasingly common pattern for services with large user bases.


Shopify has implemented a 10-second timeout period and a retry period for subscriptions. They wait 10 seconds for a response to each request, and if there isn't one or they get an error, they will retry the connection to a total of 19 times over the next 48 hours. A webhook will be deleted if there are 19 consecutive failures for the exact same webhook.

Fat Payloads

Shopify sends all their hooks over the wire with full API responses, meaning you do not need to perform another API call in order to get usable data.

Identity Verification

Webhooks created through the API by a Shopify App can be verified by calculating a digital signature. The digital signature is an HMAC SHA256 hash. Webhooks created manually through the Shopify UI cannot be verified.

You can read more about the verification procedure (and find sample code) here.

Shopify Resources

Shopify Home Page
API Documentation
REST Hooks Documentation