Register and handle Shopify webhooks for subscription billing attempt success and failure events

Verified steps

1. Register webhook subscriptions for the `subscription_billing_attempts/success` and `subscription_billing_attempts/failure` topics via the Admin GraphQL API `webhookSubscriptionCreate` mutation, providing your HTTPS endpoint URL and the topic.
2. On your server, receive the POST request, immediately return a 200 response to acknowledge receipt before doing any processing — Shopify will retry delivery if it does not receive a 200 within a few seconds.
3. Verify the webhook authenticity by computing an HMAC-SHA256 digest of the raw request body using your webhook secret and comparing it to the `X-Shopify-Hmac-SHA256` header value — reject requests that do not match.
4. Parse the payload: on `subscription_billing_attempts/success`, extract the subscription contract ID and update your records with the new `nextBillingDate`; on `subscription_billing_attempts/failure`, extract the `errorCode` and trigger your dunning logic.
5. Implement deduplication using the `X-Shopify-Event-Id` header — store processed event IDs to prevent double-processing on Shopify's retry deliveries.
6. For missed webhooks, implement a reconciliation job that queries the Admin GraphQL API for recent billing attempts on active contracts and compares the result to your local records.