In the previous post, I have talked about some tips about integration with Shopee. In this post, I will focus more on the technical side. I will give examples on webhook, security and API. Before you try the following example, make sure you have an approved open Shopee account and open Shopee app.

Official Document

Authorize your shop to open shopee

You need to allow your open Shopee app to get shop data. To do this, you need to generate a link. You login Shopee shop, click the link, fill all information then done. you can read the Shopee document and take follow snippet as reference.

// generate a authorized link
function generateLink(partnerid, secret, successReturnUrl) {
  const token =  crypto.createHash('sha256').update(
    successReturnUrl + secret,
  const url =
    '' +
  retrurn url

After successful authorization, you will find the Shopid in your open Shopee console. If you couldn't find it, double-check the authorized steps.


You will need to set up an endpoint to listen to all Shopee events. I choose to use node.js with express.js for that.

const express = require('express');
const router = express.Router();
// ...other endoint, routes
).post((req, res) => {
  const base =
    '|' +
  const secret = crypto.createHmac(
    'sha256', config.shopee.key,
  // check if from shopee and if any MITM
  if (req.headers.authorization !== secret) {
    // not from shopee
  // the event looks good
  // do some operation
module.exports = router;

Once you setup your server and endpoint, you can input your server URL in Shopee console. The open Shopee will send an empty body checking the availability of the endpoint. You cannot press save if your URL is not available. Make sure your server is open to public.

Open Shopee staff is so helpful that they will send email to you if you have issues with webhook availability in the future.


Once you receive the webhook or your system trigger some action, you can perform some API operation. You can refer to the document to all API.

Here is an example of getting order detail,

const axios = require('axios');

function getUnixTime(time) {
  const now = new Date();
  if (!time) {
    time = now;
  return time.getTime() / 1000 | 0;
// partnerid,secretKey: from console
// ordersn or shopid from webhook or database
async function getOrderDetail(ordersn, partnerid, secretKey, shopid) {
  const body = {
    ordersn_list: [
    partner_id: partnerid,
    timestamp: getUnixTime(),
  const base =
    '|' +
  const secret = crypto.createHmac(
    'sha256', secretKey,
  return await axios({
    method: 'post',
    url: '',
    data: body,
    headers: {
      Authorization: secret,

The test tool is only available in the production environment.

Feel free to ask

Staff in open Shopee is helpful. They will send an email about new updates, a highlight of breaking changes, migration tips, implementation issue. So, just feel free to ask them if you encounter any difficulty.

Want to avoid trouble, mistake and save more time. You can contact us to talk about your Shopee idea.