Webhooks

PinPoint uses webhooks to receive real-time notifications from Shopify.

Overview

Webhooks are HTTP callbacks that Shopify sends to PinPoint when certain events occur in your store. PinPoint uses these to stay synchronized with your Shopify data.

Subscribed Webhooks

PinPoint automatically subscribes to the following webhook topics:

TopicDescription
app/uninstalledApp was uninstalled from the store
shop/redactGDPR data deletion request
customers/data_requestGDPR customer data access request
customers/redactGDPR customer data deletion request

How Webhooks Are Handled

App Uninstalled

When a merchant uninstalls PinPoint:

  • The shop is marked as inactive
  • Active subscriptions are cancelled
  • Store locator widget stops functioning

Store data is retained for 30 days in case the merchant reinstalls. After 30 days, data may be permanently deleted.

Shop Redact (GDPR)

When Shopify requests shop data deletion:

  • All store locations are deleted
  • Settings and configuration are deleted
  • Analytics data is deleted
  • Products and associations are deleted
  • Submissions and custom fields are deleted
  • Webhook event logs are deleted
GDPR CompliancePinPoint is fully GDPR compliant. Data deletion requests are processed automatically within the required timeframe.

Customer Data Request

PinPoint does not store personal customer data beyond optional submission contact information. Customer data requests are logged and acknowledged.

Customer Redact

If a customer requests data deletion, any store submissions they made (if identified by email) are processed accordingly.

Webhook Security

All incoming webhooks are verified using HMAC-SHA256 signatures:

  1. Shopify includes an X-Shopify-Hmac-Sha256 header with each request
  2. PinPoint computes the expected HMAC using the shared secret
  3. If the signatures don't match, the webhook is rejected

This ensures webhooks can only come from Shopify, not from malicious sources.

Webhook Event Logs

All received webhooks are logged with:

  • Topic (event type)
  • Payload (event data)
  • Timestamp
  • Processing status

These logs help with debugging and audit trails.

Troubleshooting

Webhook Failures

If webhooks fail to deliver, Shopify will retry automatically with exponential backoff. Common causes of webhook failures:

  • Server temporarily unavailable
  • Request timeout (webhooks must respond within 5 seconds)
  • Invalid HMAC signature (usually a configuration issue)

Missing Webhooks

If you suspect webhooks aren't being received:

  1. Check that the app is properly installed
  2. Verify webhook subscriptions in the Shopify Partner Dashboard
  3. Check server logs for incoming requests

Custom Webhook Integrations

PinPoint does not currently support custom outgoing webhooks. If you need to be notified when store data changes, consider using the API to poll for updates or contact support about enterprise integration options.