I have successfully set up a DM bot with the Account Activity API. Everything works very well, except that sometimes the message sent to the bot (through the Twitter's web interface or mobile application) doesn’t fire a webhook to my server. The messages could be quick replies responses or plain text.
The reason is obviously not a downtime of my server since I tried to make a conversation between 2 webhook registered users (so my server receive the webhooks for both users) and for the same message sent, I have successfully received the webhook of the sender (the user) but not for the recipient (the bot).
As the bot isn’t in production yet, the reason is not an overload of messages. There is currently only 2 users that make conversations. From my experience, around 10% of messages are "lost".
I'm using the free (sandbox) Account Activity API tier, but as I understand the only differences between the free and paid versions are a higher number of subscriptions (I'm fine with 15) and the “Retries” feature. Regarding this feature, it is specified that “The Account Activity API provides a retry feature when the client’s web app does not return a ‘success’ 200 response for an account activity webhook event.”
It clearly states that the event failure concerns the client’s side, not the Twitter side. Considering this issue (my server doesn't receive the webhook at all), there is no guarantee that every event will be delivered even if in a paid plan.
This is a big inconvenience for bots since a button can only be clicked once, so the user must retry the conversation from the beginning (besides the fact that the bot "doesn't work"...)
So my questions are :
Is anyone here experience this issue ?
Is this a “bug or a feature” of the free Account Activity API ? I mean, at random the free tier doesn't fire the webhook on purpose (even if it's not specified in the docs) ?
Is there a way to see or measure the webhook failures Twitter side, via the dashboard for instance ?
A guess is that the events could be more accurate if the account is verified (with a blue badge) or hit a followers number threshold ? The treatment could be different due to the potential surge of events, so they are monitored with more ressources, thus more reliable ?
I already create a topic in the official Twitter forum and there is at least one other person in the same case, but no official answer from Twitter so far.
Thanks a lot !
BR,
Simon
I've got an official answer from Twitter :
Unfortunately it is not possible to achieve 100% delivery rate when there is only 1 delivery attempt for an event, which is why we have retries (and even then, retries are not a guarantee either). Things can go wrong; maybe internal issues in Twitter Data Centers, routing issues in the internet, hosting issues at your webhook, etc.
So from the time being, it seems that there's not way to have a 100% success delivery when you build a bot on Twitter.
Full answer can be read here.
Related
I'm new in using WhatsApp cloud API, I've set up one webhook with my WhatsApp cloud API.but the problem is that after some time it sends an inbound notification of an old message again to my webhook.
If a notification isn't delivered for any reason or if the webhook request returns a HTTP status code other than 200, we retry delivery. We continue retrying delivery with increasing delays up to a certain timeout (typically 24 hours, though this may vary), or until the delivery succeeds.
Whatsapp webhooks documentation
I will share my experience and maybe it can help some of you.
I was returning the status code 200 from my server. But Whatsapp Api Cloud still returned 15 notifications per message.
the problem was that in the past, maybe one month before. I had actived webhook messages notifications, but I didn't respond with the status 200. meanwhile I was building the sending messages backend logic. so , there were thousands of webhooks no responded with the Status code 200. So my facebook app went crazy, and when I decided to respond with the status code 200. it didn't work.
the solution was to create another facebook app. and the webhooks worked well.
Had the same problem, tried to delete the app but didn't work, I was still receiving old messages from the old app.
TLDR; don't use the same test number with more than one Facebook App.
Even creating a new app, Phone Number ID and Account ID were still the same, my speculation is that the webhooks payloads are tied more to the test phone number rather than the Facebook App.
For this reason, if you have another application with the same test number and a not working webhook, it keeps sending the same messages to both webhooks.
Within the POST defined in your Webhook, you should always return HTTP Status 200, check that this happens even within your Promises
Webhooks for WhatsApp Business Accounts
I am using an Identity and Access Management(IAM) vendor who provide a Multi-Factor Authentication (MFA) Service (using SMS and other channels). They use Twilio as their SMS service provider and what I see currently is a behaviour (described in the scenario below) from my IAM provider which is strange and wondering what the underlying Twilio API's behavior is.
I am unable to see this info from the Twilio API docs hence seeking assistance.
Scenario:
Customer uses IAM to login and my IAM provider using Twilio sends a OTP
The OTP comes through but in my test case, I trigger the resend OTP process
In both the steps, I get the right message (the template and senderID that we have configured in the IAM tool)
If I now trigger the OTP resend process a second time (3rd OTP in total for the same number), we receive a message which has AUTHMSG as the senderid and uses a default template message (which is different from what we have configured).
I am working with my IAM vendor to understand what is happening here and I am trying to see if Twilio is playing a part in this (trying to do some smarts as they think that there is some SMS delivery issue - which is the message I am in a way communicating by hitting the resend OTP multiple times)
Is AUTHMSG a senderID that is owned by Twilio? I don't believe so but I am trying to better understand this space.
SenderID is a construct that varies from country to country. Some Contries mandate that users register it with the local regulators while in other countries there is no explicit registration process.
I am worried that if my customers receive this message, they are going to be confused and suspect a Spam/Phishing kind of an activity.
I attempted a similar exercise with PayPal and they were consistent in their SMS OTP Resend. The message was always the same. Unlike my IAM provider, PayPal sends OTP from multiple mobile numbers. In my tests I observed them sending OTPs from two distinct mobile numbers.
Would be glad if someone could assist and provide info in this space.
I will continue to work with my IAM provider and their support channel to see what is happening here.
When using Twilio Verify in a country that supports alphanumeric sender IDs, Twilio uses the AUTHMSG sender ID and registers it with countries around the world that require this, to ensure the best deliverability of OTP messages.
I think you will need to work with your IAM provider, and work out how they have implemented sending OTP messages to see what is going on here. If it is unclear, then you or the IAM provider may also have to contact Twilio support.
Hangout Chat is sending only new messages to the Bot, edits and deletes are not being sent and there is no info either in the documentation https://developers.google.com/hangouts/chat/reference/message-formats/events
Another issue is, bot's getting message only when its mentioned in a room, all other messages are not sent to bot.
How can i resolve/work around these issues?
Hangouts Chat bots is only sent new messages. Edited messages don't get sent to the bot. Though as Brett mentioned you can submit a feature request if you can think of use cases for the functionality (see below).
I suggest checking the Hangouts Chat API support page and search whether someone's filed a feature request (FR) on Google's issue tracker. If so, star it and add a link to it here via a comment. If not, file a new feature request and also link it here so others can vote on it.
As for the purpose of #mentioning a bot in rooms, this is likely done for privacy/security purposes. Having a bot or bots always listening to conversations in a room could raise such concerns. I'd expect bots to only get messages when it is directly #mentioned in a room unless Google feels otherwise. Who knows... may be if enough people star it, they may consider it.
Since apparently you're not reachable for API questions via email, I guess I'd have to put all the questions in here since it would be tedious to create one for each of them.
So we're planning on creating a webhooks system for our integrations to create a better experience for our users. There are a few pieces that are missing for our end to support having a Podio integration that runs 100% on webhooks.
Support organization level webhooks instead at the space level.
Send full object payload in the webhooks push so we don't need to fetch the resource again. Or at least provide a delta of changes.
Have a secret token header that you send with each request so we can assure the authenticity of the data (that it's actually from Podio and it's not someone trying to hack our system).
Github does a great job with this: https://developer.github.com/webhooks/#delivery-headers.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials. Do you automatically delete that webhook or do we need to contact the user or you guys to get rid of it?
Trello for instance deletes all webhooks associated with a token if it's revoked or a second option is our server sends a 410 Gone back and the webhook, well you guessed it, it's gone.
Do you think something like this is feasible in the near future?
Thanks for your insights :)
Seems pretty valid point. Are there any particular org operations that you are interested to have webhooks for? Can you also describe some use-cases for org level webhooks?
Sending full object payload is pretty complicated because items in Podio can be extremely big and it might be not needed for webhook to get all details. That's why we keep it small and tiny and let Podio partners build own complicated solutions based on webhooks.
Secret token is not much needed if there is only item_id sent in webhook. Let's review it on item modified scenario.
1) User (or anything else) modifies item
2) item.modified webhook is triggered with item_id
3) 3rd party app receives webhook
4) 3rd party app makes a call to Podio API (if it's needed) and gets all required information from Podio API
So, if webhook request is fake, then Podio API will return same item details and nothing is affected. If you want to have some extra layer of security: why not making webhook URL unique and specific to webhook? Then only Podio will know which URL to use to trigger this webhook.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials.
Sorry, but I don't understand your question. Can you please re-phrase it as new StackOverflow question?
I am getting this error whenever I try to follow someone on Instagram via API no matter how many follows have been done before:
{"meta":{"error_type":"APIError","code":400,"error_message":"Client request limit reached"}}
My app allows authenticated users to follow interesting people. I know that there is a 5000 call/hour limit per authenticated user, but it fails even with new users.
Do my app is reaching some kind of client level limit?
APIs like follow, unfollow, comment are limited to 350 requests per hour. However sending requests from client side will fix this problem to some extent but it allows the users to see your API token.
In this case it looks like it would be beneficial to get some more data from your users. You could use Google analytics to track the "follow" action
https://developers.google.com/analytics/devguides/collection/gajs/eventTrackerGuide
This would give you a timestamp and information about user behavior.
Even with an advertised rate of X requests per hour, one user hammering the service with your API key can cause everyone to get throttled. (Not guaranteed, but pretty common practice for companies to keep their services alive)
It might be a good idea to reset your API, its possible (though unlikely) that someone has acquired your key and is using it.