Post

2 followers

Podio API Developer Forum

Validation a web hook

Ok so i seem to be having a few problems validation my webhook.

Currently this is the code i am using:

<?php

// Include the config file and the Podio library

require_once '../../config.php';

require_once '../../../PodioAPI.php';

// Setup the API client reference. Client ID and Client Secrets are defined

// as constants in config.php

Podio::setup(CLIENT_ID, CLIENT_SECRET);

// Use Podio::is_authenticated() to check is there's already an active session.

// If there is you can make API calls right away.

if (!Podio::is_authenticated()) {

// Authenticate using your username and password. Both are defined as constants

// in config.php

Podio::authenticate('password', array('username' => USERNAME, 'password' => PASSWORD));

print "You have been authenticated. Wee! ";

$access_token = Podio::$oauth->access_token;

print "Your access token is {$access_token} ";

print "The access token is automatically saved in a session for your convenience. ";

}

else {

print "You were already authenticated and no authentication happened. Close and reopen your browser to start over. ";

}

// Now you can start making API calls. E.g. get your user status

$status = PodioUserStatus::get();

print "Your user id is {$status->user->id} and you have {$status->inbox_new} unread messages in your inbox. ";

switch ($_POST['type']) {

case 'hook.verify':

// Validate the webhook

PodioHook::validate( $_POST[88644], array('code' => $_POST['code']));

case 'item.create':

// Do something. item_id is available in $_POST['item_id']

}

So what am i doing wrong that this wont validate. I know i can create web hooks as i have done it like this:

$hook_url = "http://infiniteyouth.org.uk/podio/lib/items/activities/create.php";

PodioHook::create( $ref_type, $ref_id, $attributes = array() )

$hookitem = PodioHook::create( 'app', 3239115, array( 'type' => 'item.create', 'url' => $hook_url ));

and i have tried sticking in this function before the validate process:

$hook_id = "88644";

$verify = PodioHook::verify( $hook_id );

Any ideas as why the hook doesn't become active?

Joshua Baker October 14, 2013 14:25 Answered

Please sign in to leave a comment.

27 comments

Since the hook will run on the server side with no user interaction it could be that the user based authentication is the problem... there is not user involvement to actually grant the authentication...

It could also be some simple syntax issue...

What I do is write my code in such a way that i can completely test my hook by passing some url param like:

http://myserver.com/myhook.php?testhookverify=1

To make sure I don't have any syntax or other bugs before I try to run it via the Podio verify function...

Patrick Steil

http://www.podiotools.com

Patrick Steil October 14, 2013 16:08 0 votes

Im afraid this isnt the case. I have tried with both server side and user authentication. Also im not getting any syntax errors anywhere. Including my error log. So what does the param ?testhookverify=1 actually do?

Joshua Baker October 15, 2013 09:26 0 votes

Oh that param doesn't do anything unless you program your script to then do something like:

if( isset( $_GET['testhookverify'] ) ){

$_POST['item_id'] = '28041957';

$_POST['hook_id'] = '32213';

$_POST['type'] = 'hook.verify';

}

This allows you to test the complete function of any of your hook events without running it "blind" from the Podio server...

Patrick Steil October 15, 2013 13:52 0 votes

Hi Patrick.

I have just ran this. But i seem to get no response what so ever? but no syntax error, or anything in the error log? any thoughts?

Joshua Baker October 18, 2013 09:45 0 votes

It just seems to be non responsive.

Joshua Baker October 18, 2013 09:48 0 votes

Josh, what do you mean by:

I have just ran this.

Did you just add my 4 lines of code? That code will do nothing by itself... you have to do a lot more with it than that... perhaps you might want some online training and let me help you get your hook up and running... if so, please contact me directly by email and we can setup some consulting time to do this... thanks!

Patrick Steil

patrick@podiotools.com

http://www.podiotools.com

Patrick Steil October 18, 2013 12:36 0 votes

No i didn't just add your code. For some reason its not pulling through the verification Code. Im not sure why.

Joshua Baker October 18, 2013 13:28 0 votes

Have you gotten your code to run standalone like I suggested? I think we're at a point where I need to see your entire code and how you have things setup... contact me offline if you would like more hands on help, thanks...

Patrick Steil October 18, 2013 13:31 0 votes

Hi Joshua,

You have hardcode a hook_id on this line: PodioHook::validate( $_POST[88644], array('code' => $_POST['code']));

That generally leaves a lot of room for errors. It's better to use the hook_id your are provided with in the request. E.g.:

PodioHook::validate($_POST['hook_id'], array('code' => $_POST['code']));

Andreas Haugstrup Pedersen October 21, 2013 22:25 0 votes

Ok i have made the necessary changes. Now i purposely have just made a mistake in my script to cause it to create an entry in my error log.

However when i hit the verify button in podio to call my php script the error log is not tripped over, which leads me to think that for some reason podio is calling this script.

the url is http://infiniteyouth.org.uk/podio/lib/items/activities/create.php

is there an issue with this? does it work over just http??? i know its the url is correct as i have double checked this and copied it into the browser.

Joshua Baker October 22, 2013 09:13 0 votes

Podio isn't calling the script*

Joshua Baker October 22, 2013 09:14 0 votes

Hi Joshua

Are you absolutely sure the URL is not called? I can see that the URL has been called many times today. Keep in mind that it is doing a POST request and not a GET request (which is what you get when the URL is used int he browser).

Christian

Christian Holm October 22, 2013 10:32 0 votes

well surely when i hit the validate button it should call this script and create an error in my log. It does it when I i call the address manually in a browser.

Joshua Baker October 22, 2013 12:48 0 votes

Hi Joshua

"Call" is not a precise term. A URL can be requested using different methods. When you paste a link in the browser it does a GET request. When you submit a form on a page it does a POST request. The webhooks are all POST requests, so you need to make sure that your PHP endpoint is responding to not only GET requests, but also POST requests.

Christian

Christian Holm October 22, 2013 13:01 0 votes

OK but regardless of this it will still attempt to run the php script anyway? correct? which regardless of the coding would cause an entry in my error log no?

Joshua Baker October 23, 2013 08:36 0 votes

No, it won't run regardless, it depends on how you have setup the script and how it is exposed.

Christian Holm October 23, 2013 08:40 0 votes

ok so when you verify like this: $verify = PodioHook::verify($hook_id);

it should return the code to validate. is that in a json format?

and if so can define it like this: $code = ['code']; so it can be vaidated like this:

PodioHook::validate($_POST['hook_id'], array($_POST[$code]));

Joshua Baker October 25, 2013 15:15 0 votes

I think you misunderstand how this works. We need to verify that there is a receiver at the URL given. There is no point in just giving the code when you ask for verification, as there would be no verification actually involved. Then we might as well just activate it straight away.

However we need to ensure that you own the URL, so we are not being used to spam 3rd party through hook calls. So you still need to make your script respond to POST requests (this is also how the actually hook calls will be done).

I cannot help you with how to do that, as that is not related to Podio, but to your programming language/webserver of choice.

Christian

Christian Holm October 30, 2013 13:45 0 votes

Ok so here is now the only piece of php i have. i havn't done anything else:

Joshua Baker November 05, 2013 15:42 0 votes

<?php

require_once '../../config.php';

require_once '../../../PodioAPI.php';

error_log("validate triggerd");

// Setup client

Podio::setup(CLIENT_ID, CLIENT_SECRET);

// Turn on debugging

Podio::$debug = true;

define("APP_ID", "3239115");

define("APP_TOKEN", "5bb73708707942b2944259893324f921");

// Authenticate the app

//Podio::authenticate('app', array('app_id' => MY_APP_ID, 'app_token' => 'MY_APP_TOKEN'));

Podio::authenticate('app', array('app_id' => APP_ID, 'app_token' => APP_TOKEN));

$response = PodioHook::get_for( 'app' , 3239115);

foreach ($response as $item) {

//print " items without as_json: ";

// print $item;

print " as_json - items: ";

print $item->as_json(true);

}

echo " ";

switch ($_POST['type']) {

case 'hook.verify':

// Validate the webhook

PodioHook::validate($_POST['hook_id'], array('code' => $_POST['code']));

case 'item.create':

// Do something. item_id is available in $_POST['item_id']

case 'item.update':

// Do something. item_id is available in $_POST['item_id']

case 'item.delete':

// Do something. item_id is available in $_POST['item_id']

}

Joshua Baker November 05, 2013 15:42 0 votes

my error log looks like this:

[05-Nov-2013 15:39:17 UTC] validate triggerd

Joshua Baker November 05, 2013 15:43 0 votes

Is there anything else i'm not doing here? i know my authentification works because of this coding triggering a response:

$response = PodioHook::get_for( 'app' , 3239115);

foreach ($response as $item) {

//print " items without as_json: ";

// print $item;

print " as_json - items: ";

print $item->as_json(true);

}

echo " ";

what isn't working now?

Joshua Baker November 05, 2013 15:44 0 votes

My mistake The log doesn't trigger at all when hitting verify in podio? should it not do that?

the Url is http://youth4oasis.co.uk/podio/lib/items/activities/verify.php

Joshua Baker November 05, 2013 15:59 0 votes

Hi Joshua,

If your script is not called at all the most likely reason is that the URL is not accessible to the public internet or that it doesn't match the URL you entered into Podio. It needs to match exactly.

Get rid of the output you are generating since it can only confuse you to have HTML being output on a webhook request that doesn't need to generate output.

You've already switched podio-php into debug mode so examine the log file to see exactly which API requests your script is making and what the responses from the API are.

/Andreas

Andreas Haugstrup Pedersen November 06, 2013 18:19 0 votes

Hi Andreas thanks for the quick response,

Ok so i have got in-rid of the uneccessary output. The url definatly matches what is within podio. I have copied out of Podio to double check they it is the correct URL, Which probable means its something to do with the server this end. You can access this page yourself quite easily: http://youth4oasis.co.uk/podio/lib/items/activities/verify.php

the url is accessible but I wonder if this is a permissions thing

I use Cpanel any ideas what permissions this should be set as? surely not 7-7-7????

Joshua Baker November 06, 2013 19:05 0 votes

The log also is recording nothing at all now i have taken out any unnecessary output.

Joshua Baker November 07, 2013 08:54 0 votes

Yes so ive realised this is an issue with my hosting company. It works fine with another hosting company. Why would it not be working with this hosting company when the rest of the API seems to work fine? Could this be certain php modules not being installed?

Joshua Baker December 12, 2013 23:04 0 votes