Shopify is a powerful ecommerce website solution that allows you to sell online by providing everything you need to create an online store.
Shopify launches their original API in 2006 in response to developers wanting to integrate with their Shopify online stores. Shopify is a Ruby on Rails shop which made it easy to spin up their original API.
REST Hooks were added after the original launch. Ecommerce is very real-time so an API that developers had to poll against was a serious drawback. Additionally, because so many Shopify customers are not developers, it had to be very user friendly to set up hook subscriptions. This is what REST Hooks offers.
In addition to the user-facing benefits, Shopify was able to reduce their server load dramatically.
|REST hook feature||Implemented?|
|Order of delivery|
Shopify offers the full gamut of hook subscription management. They have about 12 different hooks developers can subscribe to. They offer endpoints on their REST API to list hook subscriptions, receive counts (useful for verification), and create new webhook subscriptions.
Additionally, Shopify still lets developers and users create REST Hook subscriptions via their user intercace – an increasingly common pattern for services with large user bases.
Shopify has implemented a 10-second timeout period and a retry period for subscriptions. They wait 10 seconds for a response to each request, and if there isn't one or they get an error, they will retry the connection to a total of 19 times over the next 48 hours. A webhook will be deleted if there are 19 consecutive failures for the exact same webhook.
Shopify sends all their hooks over the wire with full API responses, meaning you do not need to perform another API call in order to get usable data.
Webhooks created through the API by a Shopify App can be verified by calculating a digital signature. The digital signature is an HMAC SHA256 hash. Webhooks created manually through the Shopify UI cannot be verified.
You can read more about the verification procedure (and find sample code) here.