Post

2 followers Follow
0
Avatar

Validation a web hook

Ok so i seem to be having a few problems validation my webhook.

Currently this is the code i am using:

<?php

// Include the config file and the Podio library

require_once '../../config.php';

require_once '../../../PodioAPI.php';

// Setup the API client reference. Client ID and Client Secrets are defined

// as constants in config.php

Podio::setup(CLIENT_ID, CLIENT_SECRET);

// Use Podio::is_authenticated() to check is there's already an active session.

// If there is you can make API calls right away.

if (!Podio::is_authenticated()) {

// Authenticate using your username and password. Both are defined as constants

// in config.php

Podio::authenticate('password', array('username' => USERNAME, 'password' => PASSWORD));

print "You have been authenticated. Wee!<br>";

$access_token = Podio::$oauth->access_token;

print "Your access token is {$access_token}<br><br>";

print "The access token is automatically saved in a session for your convenience.<br><br>";

}

else {

print "You were already authenticated and no authentication happened. Close and reopen your browser to start over.<br><br>";

}

// Now you can start making API calls. E.g. get your user status

$status = PodioUserStatus::get();

print "Your user id is <b>{$status->user->id}</b> and you have <b>{$status->inbox_new}</b> unread messages in your inbox.<br><br>";

switch ($_POST['type']) {

case 'hook.verify':

// Validate the webhook

PodioHook::validate( $_POST[88644], array('code' => $_POST['code']));

case 'item.create':

// Do something. item_id is available in $_POST['item_id']

}

 

?>

 

So what am i doing wrong that this wont validate. I know i can create web hooks as i have done it like this:

$hook_url = "http://infiniteyouth.org.uk/podio/lib/items/activities/create.php";

PodioHook::create( $ref_type, $ref_id, $attributes = array() )

$hookitem = PodioHook::create( 'app', 3239115, array( 'type' => 'item.create', 'url' => $hook_url ));

 

and  i have tried sticking in this function before the validate process: 

$hook_id = "88644";

$verify = PodioHook::verify( $hook_id );

 

Any ideas as why the hook doesn't become active?

Joshua Baker Answered

Please sign in to leave a comment.

27 comments

0
Avatar

Since the hook will run on the server side with no user interaction it could be that the user based authentication is the problem... there is not user involvement to actually grant the authentication...

It could also be some simple syntax issue... 

What I do is write my code in such a way that i can completely test my hook by passing some url param like:

http://myserver.com/myhook.php?testhookverify=1

To make sure I don't have any syntax or other bugs before I try to run it via the Podio verify function... 

 

Patrick Steil

http://www.podiotools.com

Patrick Steil 0 votes
0
Avatar

Im afraid this isnt the case. I have tried with both server side and user authentication. Also im not getting any syntax errors anywhere. Including my error log. So what does the param ?testhookverify=1 actually do?

Joshua Baker 0 votes
0
Avatar

Oh that param doesn't do anything unless you program your script to then do something like:

 

if( isset( $_GET['testhookverify'] ) ){

$_POST['item_id'] = '28041957';

$_POST['hook_id'] = '32213';

$_POST['type'] = 'hook.verify';

}

 

This allows you to test the complete function of any of your hook events without running it "blind" from the Podio server...  

 

Patrick Steil 0 votes
0
Avatar

Hi Patrick.

I have just ran this. But i seem to get no response what so ever? but no syntax error, or anything in the error log? any thoughts?

Joshua Baker 0 votes
0
Avatar

Josh, what do you mean by:

 I have just ran this. 

Did you just add my 4 lines of code?  That code will do nothing by itself... you have to do a lot more with it than that... perhaps you might want some online training and let me help you get your hook up and running... if so, please contact me directly by email and we can setup some consulting time to do this... thanks!

Patrick Steil

patrick@podiotools.com

http://www.podiotools.com

Patrick Steil 0 votes
0
Avatar

No i didn't just add your code. For some reason its not pulling through the verification Code. Im not sure why. 

Joshua Baker 0 votes
0
Avatar

Have you gotten your code to run standalone like I suggested?  I think we're at a point where I need to see your entire code and how you have things setup... contact me offline if you would like more hands on help, thanks... 

Patrick Steil 0 votes
0
Avatar

Hi Joshua,

You have hardcode a hook_id on this line: PodioHook::validate( $_POST[88644], array('code' => $_POST['code']));

That generally leaves a lot of room for errors. It's better to use the hook_id your are provided with in the request. E.g.: 

PodioHook::validate($_POST['hook_id'], array('code' => $_POST['code']));

Andreas Haugstrup Pedersen 0 votes
0
Avatar

Ok i have made the necessary changes. Now i purposely have just made a mistake in my script to cause it to create an entry in my error log.

However when i hit the verify button in podio to call my php script the error log is not tripped over, which leads me to think that for some reason podio is calling this script.

the url is http://infiniteyouth.org.uk/podio/lib/items/activities/create.php

is there an issue with this? does it work over just http??? i know its the url is correct as i have double checked this and copied it into the browser.  

Joshua Baker 0 votes
0
Avatar

Hi Joshua

Are you absolutely sure the URL is not called? I can see that the URL has been called many times today. Keep in mind that it is doing a POST request and not a GET request (which is what you get when the URL is used int he browser).

Christian

Christian Holm 0 votes
0
Avatar

well surely when i hit the validate button it should call this script and create an error in my log. It does it when I i call the address manually in a browser.

Joshua Baker 0 votes
0
Avatar

Hi Joshua

"Call" is not a precise term. A URL can be requested using different methods. When you paste a link in the browser it does a GET request. When you submit a form on a page it does a POST request. The webhooks are all POST requests, so you need to make sure that your PHP endpoint is responding to not only GET requests, but also POST requests.

Christian

Christian Holm 0 votes
0
Avatar

OK but regardless of this it will still attempt to run the php script anyway? correct? which regardless of the coding would cause an entry in my error log no?

Joshua Baker 0 votes
0
Avatar

No, it won't run regardless, it depends on how you have setup the script and how it is exposed.

Christian Holm 0 votes
0
Avatar

ok so when you verify like this: $verify = PodioHook::verify($hook_id); 

it should return the code to validate. is that in a json format?

and if so can define it like this: $code = ['code']; so it can be vaidated like this:

PodioHook::validate($_POST['hook_id'], array($_POST[$code]));

 

Joshua Baker 0 votes
0
Avatar

I think you misunderstand how this works. We need to verify that there is a receiver at the URL given. There is no point in just giving the code when you ask for verification, as there would be no verification actually involved. Then we might as well just activate it straight away. 

However we need to ensure that you own the URL, so we are not being used to spam 3rd party through hook calls. So you still need to make your script respond to POST requests (this is also how the actually hook calls will be done).

I cannot help you with how to do that, as that is not related to Podio, but to your programming language/webserver of choice.

Christian

Christian Holm 0 votes
0
Avatar

<?php

require_once '../../config.php';

require_once '../../../PodioAPI.php';

error_log("validate triggerd");

// Setup client

Podio::setup(CLIENT_ID, CLIENT_SECRET);

// Turn on debugging

Podio::$debug = true;

define("APP_ID", "3239115");

define("APP_TOKEN", "5bb73708707942b2944259893324f921");

// Authenticate the app

//Podio::authenticate('app', array('app_id' => MY_APP_ID, 'app_token' => 'MY_APP_TOKEN'));

Podio::authenticate('app', array('app_id' => APP_ID, 'app_token' => APP_TOKEN));

$response = PodioHook::get_for( 'app' , 3239115);

foreach ($response as $item) {

//print "<br><b>items without as_json:</b><br>";

// print $item;

print "<br><b>as_json - items:</b><br>";

print $item->as_json(true);

}

echo "<br><br>";

switch ($_POST['type']) {

case 'hook.verify':

// Validate the webhook

PodioHook::validate($_POST['hook_id'], array('code' => $_POST['code']));

case 'item.create':

// Do something. item_id is available in $_POST['item_id']

case 'item.update':

// Do something. item_id is available in $_POST['item_id']

case 'item.delete':

// Do something. item_id is available in $_POST['item_id']

}

?>

Joshua Baker 0 votes
0
Avatar

Is there anything else i'm not doing here? i know my authentification works because of this coding triggering a response:

$response = PodioHook::get_for( 'app' , 3239115);

foreach ($response as $item) {

//print "<br><b>items without as_json:</b><br>";

// print $item;

print "<br><b>as_json - items:</b><br>";

print $item->as_json(true);

}

echo "<br><br>";

what isn't working now?

Joshua Baker 0 votes
0
Avatar

Hi Joshua,

If your script is not called at all the most likely reason is that the URL is not accessible to the public internet or that it doesn't match the URL you entered into Podio. It needs to match exactly.

Get rid of the output you are generating since it can only confuse you to have HTML being output on a webhook request that doesn't need to generate output.

You've already switched podio-php into debug mode so examine the log file to see exactly which API requests your script is making and what the responses from the API are.

/Andreas

Andreas Haugstrup Pedersen 0 votes
0
Avatar

Hi Andreas thanks for the quick response,

Ok so i have got in-rid of the uneccessary output. The url definatly matches what is within podio. I have copied out of Podio to double check they it is the correct URL, Which probable means its something to do with the server this end. You can access this page yourself quite easily:   http://youth4oasis.co.uk/podio/lib/items/activities/verify.php

the url is accessible but I wonder if this is a permissions thing 

I use Cpanel any ideas what permissions this should be set as? surely not 7-7-7????

Joshua Baker 0 votes
0
Avatar

Yes so ive realised this is an issue with my hosting company. It works fine with another hosting company. Why would it not be working with this hosting company when the rest of the API seems to work fine? Could this be certain php modules not being installed?

Joshua Baker 0 votes