Update with hmac validation details

nozzlegear · Jun 2, 2016 · 6ff9e1d · 6ff9e1d
1 parent fc9d3e6
commit 6ff9e1d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/readme.md b/readme.md
@@ -176,7 +176,7 @@ string accessToken = await ShopifyAuthorizationService.Authorize(code, myShopify
 
 ### Determine if a request is authentic
 
-Any (non-webhook, non-proxy-page) request coming from Shopify will have a querystring paramater called 'signature' that you can use
+Any (non-webhook, non-proxy-page) request coming from Shopify will have a querystring paramater called 'hmac' that you can use
 to verify that the request is authentic. This signature is a hash of all querystring parameters and your app's
 secret key.
 
@@ -197,7 +197,7 @@ else
 
 ### Determine if a proxy page request is authentic
 
-Nearly identical to authenticating normal requests, a proxy page request only differs in that the algorithm uses HMACSHA256 rather than MD5. All proxy page requests coming from Shopify will have a querystring parameter named `signature` that you can use to verify the request. This signature is a hash of all querystring parameters and your app's secret key.
+Nearly identical to authenticating normal requests, a proxy page request only differs in the way the HMAC is generated. All proxy page requests coming from Shopify will have a querystring parameter named `hmac` that you can use to verify the request. This signature is a hash of all querystring parameters and your app's secret key.
 
 ```cs
 var qs = Request.QueryString;