Validation a web hook

Answered

Comments

27 comments

  • Patrick Steil

    Since the hook will run on the server side with no user interaction it could be that the user based authentication is the problem... there is not user involvement to actually grant the authentication...

    It could also be some simple syntax issue... 

    What I do is write my code in such a way that i can completely test my hook by passing some url param like:

    http://myserver.com/myhook.php?testhookverify=1

    To make sure I don't have any syntax or other bugs before I try to run it via the Podio verify function... 

     

    Patrick Steil

    http://www.podiotools.com

    0
    Comment actions Permalink
  • Joshua Baker

    Im afraid this isnt the case. I have tried with both server side and user authentication. Also im not getting any syntax errors anywhere. Including my error log. So what does the param ?testhookverify=1 actually do?

    0
    Comment actions Permalink
  • Patrick Steil

    Oh that param doesn't do anything unless you program your script to then do something like:

     

    if( isset( $_GET['testhookverify'] ) ){

    $_POST['item_id'] = '28041957';

    $_POST['hook_id'] = '32213';

    $_POST['type'] = 'hook.verify';

    }

     

    This allows you to test the complete function of any of your hook events without running it "blind" from the Podio server...  

     

    0
    Comment actions Permalink
  • Joshua Baker

    Hi Patrick.

    I have just ran this. But i seem to get no response what so ever? but no syntax error, or anything in the error log? any thoughts?

    0
    Comment actions Permalink
  • Joshua Baker

    It just seems to be non responsive. 

    0
    Comment actions Permalink
  • Patrick Steil

    Josh, what do you mean by:

     I have just ran this. 

    Did you just add my 4 lines of code?  That code will do nothing by itself... you have to do a lot more with it than that... perhaps you might want some online training and let me help you get your hook up and running... if so, please contact me directly by email and we can setup some consulting time to do this... thanks!

    Patrick Steil

    patrick@podiotools.com

    http://www.podiotools.com

    0
    Comment actions Permalink
  • Joshua Baker

    No i didn't just add your code. For some reason its not pulling through the verification Code. Im not sure why. 

    0
    Comment actions Permalink
  • Patrick Steil

    Have you gotten your code to run standalone like I suggested?  I think we're at a point where I need to see your entire code and how you have things setup... contact me offline if you would like more hands on help, thanks... 

    0
    Comment actions Permalink
  • Andreas Haugstrup Pedersen

    Hi Joshua,

    You have hardcode a hook_id on this line: PodioHook::validate( $_POST[88644], array('code' => $_POST['code']));

    That generally leaves a lot of room for errors. It's better to use the hook_id your are provided with in the request. E.g.: 

    PodioHook::validate($_POST['hook_id'], array('code' => $_POST['code']));

    0
    Comment actions Permalink
  • Joshua Baker

    Ok i have made the necessary changes. Now i purposely have just made a mistake in my script to cause it to create an entry in my error log.

    However when i hit the verify button in podio to call my php script the error log is not tripped over, which leads me to think that for some reason podio is calling this script.

    the url is http://infiniteyouth.org.uk/podio/lib/items/activities/create.php

    is there an issue with this? does it work over just http??? i know its the url is correct as i have double checked this and copied it into the browser.  

    0
    Comment actions Permalink
  • Joshua Baker

    Podio isn't calling the script*

    0
    Comment actions Permalink
  • Christian Holm

    Hi Joshua

    Are you absolutely sure the URL is not called? I can see that the URL has been called many times today. Keep in mind that it is doing a POST request and not a GET request (which is what you get when the URL is used int he browser).

    Christian

    0
    Comment actions Permalink
  • Joshua Baker

    well surely when i hit the validate button it should call this script and create an error in my log. It does it when I i call the address manually in a browser.

    0
    Comment actions Permalink
  • Christian Holm

    Hi Joshua

    "Call" is not a precise term. A URL can be requested using different methods. When you paste a link in the browser it does a GET request. When you submit a form on a page it does a POST request. The webhooks are all POST requests, so you need to make sure that your PHP endpoint is responding to not only GET requests, but also POST requests.

    Christian

    0
    Comment actions Permalink
  • Joshua Baker

    OK but regardless of this it will still attempt to run the php script anyway? correct? which regardless of the coding would cause an entry in my error log no?

    0
    Comment actions Permalink
  • Christian Holm

    No, it won't run regardless, it depends on how you have setup the script and how it is exposed.

    0
    Comment actions Permalink
  • Joshua Baker

    ok so when you verify like this: $verify = PodioHook::verify($hook_id); 

    it should return the code to validate. is that in a json format?

    and if so can define it like this: $code = ['code']; so it can be vaidated like this:

    PodioHook::validate($_POST['hook_id'], array($_POST[$code]));

     

    0
    Comment actions Permalink
  • Christian Holm

    I think you misunderstand how this works. We need to verify that there is a receiver at the URL given. There is no point in just giving the code when you ask for verification, as there would be no verification actually involved. Then we might as well just activate it straight away. 

    However we need to ensure that you own the URL, so we are not being used to spam 3rd party through hook calls. So you still need to make your script respond to POST requests (this is also how the actually hook calls will be done).

    I cannot help you with how to do that, as that is not related to Podio, but to your programming language/webserver of choice.

    Christian

    0
    Comment actions Permalink
  • Joshua Baker

    Ok so here is now the only piece of php i have. i havn't done anything else:

    0
    Comment actions Permalink
  • Joshua Baker

    <?php

    require_once '../../config.php';

    require_once '../../../PodioAPI.php';

    error_log("validate triggerd");

    // Setup client

    Podio::setup(CLIENT_ID, CLIENT_SECRET);

    // Turn on debugging

    Podio::$debug = true;

    define("APP_ID", "3239115");

    define("APP_TOKEN", "5bb73708707942b2944259893324f921");

    // Authenticate the app

    //Podio::authenticate('app', array('app_id' => MY_APP_ID, 'app_token' => 'MY_APP_TOKEN'));

    Podio::authenticate('app', array('app_id' => APP_ID, 'app_token' => APP_TOKEN));

    $response = PodioHook::get_for( 'app' , 3239115);

    foreach ($response as $item) {

    //print "<br><b>items without as_json:</b><br>";

    // print $item;

    print "<br><b>as_json - items:</b><br>";

    print $item->as_json(true);

    }

    echo "<br><br>";

    switch ($_POST['type']) {

    case 'hook.verify':

    // Validate the webhook

    PodioHook::validate($_POST['hook_id'], array('code' => $_POST['code']));

    case 'item.create':

    // Do something. item_id is available in $_POST['item_id']

    case 'item.update':

    // Do something. item_id is available in $_POST['item_id']

    case 'item.delete':

    // Do something. item_id is available in $_POST['item_id']

    }

    ?>

    0
    Comment actions Permalink
  • Joshua Baker

    my error log looks like this:

    [05-Nov-2013 15:39:17 UTC] validate triggerd

    0
    Comment actions Permalink
  • Joshua Baker

    Is there anything else i'm not doing here? i know my authentification works because of this coding triggering a response:

    $response = PodioHook::get_for( 'app' , 3239115);

    foreach ($response as $item) {

    //print "<br><b>items without as_json:</b><br>";

    // print $item;

    print "<br><b>as_json - items:</b><br>";

    print $item->as_json(true);

    }

    echo "<br><br>";

    what isn't working now?

    0
    Comment actions Permalink
  • Joshua Baker

    My mistake The log doesn't trigger at all when hitting verify in podio? should it not do that?

    the Url is http://youth4oasis.co.uk/podio/lib/items/activities/verify.php

     

    0
    Comment actions Permalink
  • Andreas Haugstrup Pedersen

    Hi Joshua,

    If your script is not called at all the most likely reason is that the URL is not accessible to the public internet or that it doesn't match the URL you entered into Podio. It needs to match exactly.

    Get rid of the output you are generating since it can only confuse you to have HTML being output on a webhook request that doesn't need to generate output.

    You've already switched podio-php into debug mode so examine the log file to see exactly which API requests your script is making and what the responses from the API are.

    /Andreas

    0
    Comment actions Permalink
  • Joshua Baker

    Hi Andreas thanks for the quick response,

    Ok so i have got in-rid of the uneccessary output. The url definatly matches what is within podio. I have copied out of Podio to double check they it is the correct URL, Which probable means its something to do with the server this end. You can access this page yourself quite easily:   http://youth4oasis.co.uk/podio/lib/items/activities/verify.php

    the url is accessible but I wonder if this is a permissions thing 

    I use Cpanel any ideas what permissions this should be set as? surely not 7-7-7????

    0
    Comment actions Permalink
  • Joshua Baker

    The log also is recording nothing at all now i have taken out any unnecessary output.

    0
    Comment actions Permalink
  • Joshua Baker

    Yes so ive realised this is an issue with my hosting company. It works fine with another hosting company. Why would it not be working with this hosting company when the rest of the API seems to work fine? Could this be certain php modules not being installed?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk