Validation a web hook
AnsweredOk so i seem to be having a few problems validation my webhook.
Currently this is the code i am using:
<?php
// Include the config file and the Podio library
require_once '../../config.php';
require_once '../../../PodioAPI.php';
// Setup the API client reference. Client ID and Client Secrets are defined
// as constants in config.php
Podio::setup(CLIENT_ID, CLIENT_SECRET);
// Use Podio::is_authenticated() to check is there's already an active session.
// If there is you can make API calls right away.
if (!Podio::is_authenticated()) {
// Authenticate using your username and password. Both are defined as constants
// in config.php
Podio::authenticate('password', array('username' => USERNAME, 'password' => PASSWORD));
print "You have been authenticated. Wee!<br>";
$access_token = Podio::$oauth->access_token;
print "Your access token is {$access_token}<br><br>";
print "The access token is automatically saved in a session for your convenience.<br><br>";
}
else {
print "You were already authenticated and no authentication happened. Close and reopen your browser to start over.<br><br>";
}
// Now you can start making API calls. E.g. get your user status
$status = PodioUserStatus::get();
print "Your user id is <b>{$status->user->id}</b> and you have <b>{$status->inbox_new}</b> unread messages in your inbox.<br><br>";
switch ($_POST['type']) {
case 'hook.verify':
// Validate the webhook
PodioHook::validate( $_POST[88644], array('code' => $_POST['code']));
case 'item.create':
// Do something. item_id is available in $_POST['item_id']
}
?>
So what am i doing wrong that this wont validate. I know i can create web hooks as i have done it like this:
$hook_url = "http://infiniteyouth.org.uk/podio/lib/items/activities/create.php";
PodioHook::create( $ref_type, $ref_id, $attributes = array() )
$hookitem = PodioHook::create( 'app', 3239115, array( 'type' => 'item.create', 'url' => $hook_url ));
and i have tried sticking in this function before the validate process:
$hook_id = "88644";
$verify = PodioHook::verify( $hook_id );
Any ideas as why the hook doesn't become active?
-
Since the hook will run on the server side with no user interaction it could be that the user based authentication is the problem... there is not user involvement to actually grant the authentication...
It could also be some simple syntax issue...
What I do is write my code in such a way that i can completely test my hook by passing some url param like:
http://myserver.com/myhook.php?testhookverify=1
To make sure I don't have any syntax or other bugs before I try to run it via the Podio verify function...
Patrick Steil
http://www.podiotools.com -
Oh that param doesn't do anything unless you program your script to then do something like:
if( isset( $_GET['testhookverify'] ) ){
$_POST['item_id'] = '28041957';
$_POST['hook_id'] = '32213';
$_POST['type'] = 'hook.verify';
}This allows you to test the complete function of any of your hook events without running it "blind" from the Podio server...
-
Josh, what do you mean by:
I have just ran this.
Did you just add my 4 lines of code? That code will do nothing by itself... you have to do a lot more with it than that... perhaps you might want some online training and let me help you get your hook up and running... if so, please contact me directly by email and we can setup some consulting time to do this... thanks!
Patrick Steil
patrick@podiotools.com
http://www.podiotools.com -
Hi Joshua,
You have hardcode a hook_id on this line: PodioHook::validate( $_POST[88644], array('code' => $_POST['code']));
That generally leaves a lot of room for errors. It's better to use the hook_id your are provided with in the request. E.g.:
PodioHook::validate($_POST['hook_id'], array('code' => $_POST['code']));
-
Ok i have made the necessary changes. Now i purposely have just made a mistake in my script to cause it to create an entry in my error log.
However when i hit the verify button in podio to call my php script the error log is not tripped over, which leads me to think that for some reason podio is calling this script.
the url is http://infiniteyouth.org.uk/podio/lib/items/activities/create.php
is there an issue with this? does it work over just http??? i know its the url is correct as i have double checked this and copied it into the browser.
-
Hi Joshua
"Call" is not a precise term. A URL can be requested using different methods. When you paste a link in the browser it does a GET request. When you submit a form on a page it does a POST request. The webhooks are all POST requests, so you need to make sure that your PHP endpoint is responding to not only GET requests, but also POST requests.
Christian
-
ok so when you verify like this: $verify = PodioHook::verify($hook_id);
it should return the code to validate. is that in a json format?
and if so can define it like this: $code = ['code']; so it can be vaidated like this:
PodioHook::validate($_POST['hook_id'], array($_POST[$code]));
-
I think you misunderstand how this works. We need to verify that there is a receiver at the URL given. There is no point in just giving the code when you ask for verification, as there would be no verification actually involved. Then we might as well just activate it straight away.
However we need to ensure that you own the URL, so we are not being used to spam 3rd party through hook calls. So you still need to make your script respond to POST requests (this is also how the actually hook calls will be done).
I cannot help you with how to do that, as that is not related to Podio, but to your programming language/webserver of choice.
Christian
-
<?php
require_once '../../config.php';
require_once '../../../PodioAPI.php';error_log("validate triggerd");
// Setup client
Podio::setup(CLIENT_ID, CLIENT_SECRET);// Turn on debugging
Podio::$debug = true;define("APP_ID", "3239115");
define("APP_TOKEN", "5bb73708707942b2944259893324f921");// Authenticate the app
//Podio::authenticate('app', array('app_id' => MY_APP_ID, 'app_token' => 'MY_APP_TOKEN'));Podio::authenticate('app', array('app_id' => APP_ID, 'app_token' => APP_TOKEN));
$response = PodioHook::get_for( 'app' , 3239115);
foreach ($response as $item) {
//print "<br><b>items without as_json:</b><br>";
// print $item;
print "<br><b>as_json - items:</b><br>";
print $item->as_json(true);}
echo "<br><br>";switch ($_POST['type']) {
case 'hook.verify':
// Validate the webhook
PodioHook::validate($_POST['hook_id'], array('code' => $_POST['code']));
case 'item.create':
// Do something. item_id is available in $_POST['item_id']
case 'item.update':
// Do something. item_id is available in $_POST['item_id']
case 'item.delete':
// Do something. item_id is available in $_POST['item_id']
}?>
-
Is there anything else i'm not doing here? i know my authentification works because of this coding triggering a response:
$response = PodioHook::get_for( 'app' , 3239115);
foreach ($response as $item) {
//print "<br><b>items without as_json:</b><br>";
// print $item;
print "<br><b>as_json - items:</b><br>";
print $item->as_json(true);}
echo "<br><br>";what isn't working now?
-
My mistake The log doesn't trigger at all when hitting verify in podio? should it not do that?
the Url is http://youth4oasis.co.uk/podio/lib/items/activities/verify.php
-
Hi Joshua,
If your script is not called at all the most likely reason is that the URL is not accessible to the public internet or that it doesn't match the URL you entered into Podio. It needs to match exactly.
Get rid of the output you are generating since it can only confuse you to have HTML being output on a webhook request that doesn't need to generate output.
You've already switched podio-php into debug mode so examine the log file to see exactly which API requests your script is making and what the responses from the API are.
/Andreas
-
Hi Andreas thanks for the quick response,
Ok so i have got in-rid of the uneccessary output. The url definatly matches what is within podio. I have copied out of Podio to double check they it is the correct URL, Which probable means its something to do with the server this end. You can access this page yourself quite easily: http://youth4oasis.co.uk/podio/lib/items/activities/verify.php
the url is accessible but I wonder if this is a permissions thing
I use Cpanel any ideas what permissions this should be set as? surely not 7-7-7????
Please sign in to leave a comment.
Comments
27 comments