Headers sent but not received by Application, Shopify and RESTful APIs

I was tasked with creating a service (app) that would interact with the Shopify API.

To create the service the flow would be:

  1. Authenticate (OAuth)
  2. Register the service with a callback URL
  3. Return relevant data when Shopify makes the external call (webhook)

This is the first time I had worked with OAuth and a RESTful API. What I didn’t know was that the headers of HTTP requests often contain important information, so we need to be able to get and set these values in our application development.

Furthermore, for testing purposes I initially had to use curl as the client making the calls to the API. This was unintuitive for setting headers and then viewing and checking the response. That is when a senior developer advised using a RESTful client from within the browser; he recommended Postman, a RESTful client.

With Postman you can easily and intuitively set the HTTP payload (often JSON) and header information. The webhook coming from Shopify will send the following header:

HTTP_X_SHOPIFY_SHOP_DOMAIN

to identify the shop. Now to test this request with Postman, I added a header and typed in exactly that:

HTTP_X_SHOPIFY_SHOP_DOMAIN = "myshop.myshopify.com"

But the error was that the header was never sent to the application. What was going wrong?

Well, I knew it was being sent from checking the network tab of the developer tools. But it was not being received (or was being parsed or mutated) by either Apache or PHP.

Eventually I found out that Apache does not accept underscores (“_”) in HTTP headers. It will remove them; however, it will convert dashes to underscores. So the header should have looked like this:

HTTP-X-SHOPIFY-SHOP-DOMAIN = "myshop.myshopify.com"

The full reason behind this can be found here: Why underscores are forbidden in HTTP header names
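
The mapping behind this behaviour, as an added example that is not part of the original post: under the CGI convention (RFC 3875) a request header such as X-Shopify-Shop-Domain reaches PHP as HTTP_X_SHOPIFY_SHOP_DOMAIN, so a name written with underscores would collide with the hyphenated one unless the gateway drops it. The function names, the strict/lenient switch and the sample request are assumptions made for illustration, and the strict rule is a simplified model of Apache 2.4, not its source code.

```python
import re

# RFC 7230 "token" characters are legal in a header name; underscore is one
# of them, so the wire format alone does not rule these names out.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Strict gateway policy (assumed model): letters, digits and hyphens only.
STRICT = re.compile(r"^[A-Za-z0-9-]+$")


def cgi_name(header):
    """RFC 3875 meta-variable name: HTTP_ + upper-case, '-' becomes '_'."""
    return "HTTP_" + header.upper().replace("-", "_")


def build_env(headers, strict=True):
    """Map (name, value) header pairs to CGI variables.

    Returns (env, dropped). With strict=True, names that cannot be mapped
    unambiguously are dropped instead of being merged into the environment.
    """
    env, dropped = {}, []
    for name, value in headers:
        if not TOKEN.match(name) or (strict and not STRICT.match(name)):
            dropped.append(name)
            continue
        env[cgi_name(name)] = value  # a later duplicate overwrites an earlier one
    return env, dropped


# Constructed request: the hyphenated header plus a second name that differs
# only in '_' versus '-'. Both map to the same CGI variable.
REQUEST = [
    ("X-Shopify-Shop-Domain", "myshop.myshopify.com"),
    ("X_Shopify_Shop_Domain", "other.example"),
]

if __name__ == "__main__":
    for strict in (False, True):
        env, dropped = build_env(REQUEST, strict)
        print("strict" if strict else "lenient", env, "dropped:", dropped)
```

In the lenient run the application cannot tell which of the two headers supplied the value it reads, which is the ambiguity that dropping underscore names removes.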

How to Setup a Professional Zimbra Mail Server: Best practice SPF and DKIM

Setting up a mail server is more difficult than it seems, and it is also quite expensive. Furthermore, because there is so much spam, there are measures an email administrator should take to ensure spam-free email delivery.

In this tutorial I am using Zimbra 8.0.7 as the Email Server (MTA). Zimbra includes all the features you would expect of a modern day email server and, as I see it, is the only viable competition to Google Business Email and Microsoft Exchange. It is open source and that is why we love it.

For the basic instructions on setting up the email server, please refer to this article on DigitalOcean about how to install a Zimbra mail server.

Keep in mind:

Although Zimbra is comprehensive and the above tutorial explains it in detail, there are a few more things we need to do to ensure that our mail is of high quality and professional.

Be safe with Email Accounts

Spammers are always looking for vulnerable email servers to make their emails look less spammy. However, once they have control, your mail server will inevitably be blacklisted.

  • Make sure your passwords created on email accounts have a high level of difficulty (I would recommend setting passwords for your clients)
  • Only give passwords over phone, not in plain text

Checking your Email Health

A great resource for checking your email server's health is mailtester.com

DNS SPF Record Setup

SPF is short for Sender Policy Framework, an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses.

1. You can use SPF Wizard to formulate your SPF Record

2. Typically: “v=spf1 mx a include:_spf.google.com ~all” is what the DNS record should contain

3. For more detailed information about SPF records, check DigitalOcean
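
A small linter for the record in step 2, as an added example that is not part of the original tutorial: it parses the SPF terms, counts the ones that cost a DNS lookup (RFC 7208 allows at most 10) and reports what happens to senders the record does not list. The function names and the two records marked as constructed are assumptions made for illustration.

```python
import re

# Terms that cost a DNS query; RFC 7208 caps them at 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT value into (qualifier, name, argument) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: it must start with v=spf1")
    terms = []
    for part in parts[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if part[0] in QUALIFIERS:
            qualifier, part = part[0], part[1:]
        name, arg = (re.split(r"[:=/]", part, maxsplit=1) + [""])[:2]
        terms.append((qualifier, name.lower(), arg))
    return terms


def lint_spf(record):
    """Return (result for unlisted senders, DNS lookup count, warnings)."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    warnings = []
    lookups = sum(name in LOOKUP_TERMS for name in names)
    if lookups > 10:
        warnings.append("over 10 DNS lookups: receivers return permerror")
    if "ptr" in names:
        warnings.append("ptr is slow and discouraged by RFC 7208")
    if "all" not in names:
        # With redirect= the outcome is decided by the target record.
        default = "delegated" if "redirect" in names else "neutral"
        if default == "neutral":
            warnings.append("no 'all' term: unlisted senders are neutral")
    else:
        default = QUALIFIERS[terms[names.index("all")][0]]
        if default == "pass":
            warnings.append("+all authorises every host on the internet")
    return default, lookups, warnings


PAGE_RECORD = "v=spf1 mx a include:_spf.google.com ~all"  # from the tutorial
STRICT_RECORD = "v=spf1 mx -all"                          # constructed
OPEN_RECORD = "v=spf1 +all"                               # constructed

if __name__ == "__main__":
    for rec in (PAGE_RECORD, STRICT_RECORD, OPEN_RECORD):
        print(rec, "->", lint_spf(rec))
```

For the tutorial's record the result is softfail with three lookups: mail from unlisted hosts is marked but usually still accepted, whereas -all asks receivers to reject it. The include:_spf.google.com term only belongs in the record if Google also sends mail for the domain.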

DKIM Record Setup

DKIM is slightly different from SPF and is sometimes optional; however, for a professional server I would recommend it. DomainKeys Identified Mail (DKIM) is a method for associating a domain name with an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

1. Log in to your Zimbra server

2. su - zimbra
3. /opt/zimbra/libexec/zmdkimkeyutil -a -d example.com

4. Zimbra will output the DNS record you should enter into your DNS settings

Example: 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1; k=rsa;
 p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ
 /6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB" ; ----- DKIM 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB for example.com

For more information check the Zimbra DKIM documentation

Other Considerations for a professional Zimbra Mail Server Setup

  • Do not send email with broken links
  • Make sure you are not blacklisted
  • Images should have an alt tag
  • Content should be safe
  • Stay clear of short URLs

How to Track ajax goal events with google analytics

In this tutorial we look at the steps for tracking Ajax goal events with Google Analytics, that is, events where a new page destination is not created and the content is accessed asynchronously.

First set up the Google Analytics part

1. Go to the Admin Area

2. Select Goals Under All Web Site Data

3. Click + New Goal

4. Select Custom Goal

5. Add your Goal Description, that is, the name (id); then be sure to click Event, as we are tracking an Ajax event and not one of the other arbitrary options

6. Now to the meat: set up the goal details. These will be used later in the JavaScript call to the Google Analytics object in your tracking code. Category and Action are compulsory; the other options are optional. In this case we have set:

Category = "quote"

Action = "getfree"

You can also put a monetary value on the conversion / goal.

Now to make Google Analytics aware that an Event Happened

This will happen in your JavaScript, within a script tag and presumably within a function that runs once a successful quote request has taken place.

ga('send', 'event', 'quote', 'getfree');

The full signature for an event call, including the optional fields you could set up:

ga('send', 'event', 'category', 'action', 'label', value);  // value is a number.

More information about the ga function can be found on Google Developers.

The code above assumes you are using the new Google tracking code, that is:

<script>
...........
 ga('create', 'UA-7777777-4', 'auto');
 ga('require', 'displayfeatures');
 ga('send', 'pageview');
</script>

You can go ahead and click verify goal now. Make sure your category, action and other fields match the ones you set up in Google Analytics.

I hope this tutorial helped you learn how to track Ajax goal events with Google Analytics.

Peace out.