Hi,
As per the documentation:
http://docs.shopify.com/api/authentication/oauth#verification
"Every request or redirect from Shopify to the client server includes a signature and hmac parameters that can be used to ensure that it came from Shopify."
To use the new HMAC SHA256 validation method I need these three parameters:
{"shop":"some-shop.myshopify.com","code":"a94a110d86d2452eb3e2af4cfb8a3828","timestamp":"1337178173"
}But the code parameter is only present in the initial authorization callback request which comes when my app is installed. After that the hmac, shop and timestamp parameters are present in every request but not the code parameter. So is it correct to assume that the code parameter needs to be persisted somewhere locally (database) and used internally to verify every request?
Thanks
