Security Tool

HMAC Validator

Securely verify webhook authenticity. Debug '401 Unauthorized' errors in seconds without server logs.

Shared Secret

Your app's client secret or webhook signing key.

Raw Request Body

Paste the raw JSON body exactly as received.

Received Header (X-Shopify-Hmac-Sha256)

Why it's important

Verifying webhook authenticity is crucial for security. This tool allows you to quickly debug '401 Unauthorized' errors by independently calculating the HMAC signature, confirming if your secret and payload are correct.

How to use it

1Enter your app's Shared Secret (from Shopify Partner Dashboard).
2Paste the raw JSON body of the webhook.
3Paste the X-Shopify-Hmac-Sha256 header from the request.
4Click 'Verify Signature' to see if they match.

Need a custom tool for your team?

We build custom internal tools, private apps, and MCP servers for scaling merchants.

Let's Build It