I want to test Podio Web Hooks (item.update) through RequestBin. I have created WebHook and it shows in my account. When I created i got one request for Verify on RequestBin URL. But in Podio it is showing as Inactive.
Kindly let me know how can I test further.
You have to validate the hook using the code received from the verify call. The hook will become active only after on successful validation.
Refer Podio documentation on how to Validate hook here, Validate Podio hook verification
So the webhook content is pretty bare bones, it just has request parameters for a variable or two in addition to any URL parameters you are passing based on your webhook URI. There is a whole description of what the parameters provided are here: https://developers.podio.com/doc/hookshttps://developers.podio.com/doc/hooks
Basically whatever is catching your webhook will need to be able to connect to the Podio API and fetch the item with the ID passed in the webhook.
Related
Since apparently you're not reachable for API questions via email, I guess I'd have to put all the questions in here since it would be tedious to create one for each of them.
So we're planning on creating a webhooks system for our integrations to create a better experience for our users. There are a few pieces that are missing for our end to support having a Podio integration that runs 100% on webhooks.
Support organization level webhooks instead at the space level.
Send full object payload in the webhooks push so we don't need to fetch the resource again. Or at least provide a delta of changes.
Have a secret token header that you send with each request so we can assure the authenticity of the data (that it's actually from Podio and it's not someone trying to hack our system).
Github does a great job with this: https://developer.github.com/webhooks/#delivery-headers.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials. Do you automatically delete that webhook or do we need to contact the user or you guys to get rid of it?
Trello for instance deletes all webhooks associated with a token if it's revoked or a second option is our server sends a 410 Gone back and the webhook, well you guessed it, it's gone.
Do you think something like this is feasible in the near future?
Thanks for your insights :)
Seems pretty valid point. Are there any particular org operations that you are interested to have webhooks for? Can you also describe some use-cases for org level webhooks?
Sending full object payload is pretty complicated because items in Podio can be extremely big and it might be not needed for webhook to get all details. That's why we keep it small and tiny and let Podio partners build own complicated solutions based on webhooks.
Secret token is not much needed if there is only item_id sent in webhook. Let's review it on item modified scenario.
1) User (or anything else) modifies item
2) item.modified webhook is triggered with item_id
3) 3rd party app receives webhook
4) 3rd party app makes a call to Podio API (if it's needed) and gets all required information from Podio API
So, if webhook request is fake, then Podio API will return same item details and nothing is affected. If you want to have some extra layer of security: why not making webhook URL unique and specific to webhook? Then only Podio will know which URL to use to trigger this webhook.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials.
Sorry, but I don't understand your question. Can you please re-phrase it as new StackOverflow question?
I have been reading Yodlee Docs at https://developer.yodlee.com/Yodlee_API/Webhooks for implementing webhooks
What i did is, first registered a webhook for one of my users using following end point
POST /{cobrandName}/v1/cobrand/config/notifications/events/{eventName}
Then i triggered a refresh for one of the account using following endpoint POST /{cobrandName}/v1/refresh
But seems that Yodlee doesnt hit my URL when refresh is completed or there is an error in refresh.
I also tried to add an account using FastLink to see if Yodlee hits my URL when an account is added. But it doesn't. I am not sure what exactly is the problem. Can you please help?
Although i have a dobt - Does the webhook hit only if add/edit/refresh account was done using the API and not FastLInk provided by yodlee?
I am using Account Agreegation API and Developer account for testing.
Webhook event notifications will work only when you try to add the account using YSL APIs (manually).It doesn't work with FastLink. I have been informed by Yodlee Support. They also informed me that till date they don't have any client using webhook service, which was bit scary to know.
Please find a simple example to use webhooks-
1)Subscribe event using this URL- http://webhook.info/post/FLQLMZMFJI
2)Initiate add account process
3)Open the following URL and find the refresh notifications -
http://webhook.info/#/watch/FLQLMZMFJI
Please note: As you have subscribed for webhook event now. Please unsubscribe first using
DELETE /{cobrandName}/v1/cobrand/config/notifications/events/{eventName}
Delete Subscription
The API Call - getSiteRefreshInfo in Yodlee API asks for the memSiteAccId.
I thought it is the same as itemAccountId that we got from Transactions. However, its not the same. Then, how do I retrieve memSiteAccId ?
Whenever you add an account using Site Based API(addSiteAccount1) you'll get- siteAccountId in the response. This is same as MemSiteAccountId, and you need to use the same to pass as an input in getSiteRefreshInfo.
I experimenting with Paypal REST API and I was stunned into a problem with webhooks.
I trying use the following tactic to verify event data - ensure that HATEOAS link with rel == "self" like https://api.sandbox.paypal.com/v1/notifications/webhooks-events/WH-6L177801XL962315K-5B870910V53268712 is present, and ensure that this link starts with expected API endpoint (set in web.config) and reloads event data with it, and use it as trusted event data.
But this tactic fails, it results to 404 instead of getting webhook data.
Who else used Paypal REST API webhooks? How you are verify that the event come from trusted event source?
Update
Was able to get more details on messages received. Response body:
Data [{\r\n \"name\": \"INVALID_RESOURCE_ID\",\r\n \"details\": [],\r\n \"message\": \"Resource id is invalid\"\r\n}]
Headers as JSON object: [{\r\n \"PROXY_SERVER_INFO\": [\r\n \"host=slcsbplatformapiserv3002.slc.paypal.com;threadId=370534\"\r\n ],\r\n \"Paypal-Debug-Id\": [\r\n \"e33a2f285d46f\"\r\n ],\r\n \"SERVER_INFO\": [\r\n \"webhooksplatformserv:ppaas_1_2.v1.notifications.webhooks-events.id.GET&CalThreadId=184&TopLevelTxnStartTime=14b4099eb05&Host=slcsbwebhooksplatformserv3002.slc.paypal.com&pid=29135\"\r\n ],\r\n \"Date\": [\r\n \"Sat, 31 Jan 2015 15:26:44 GMT\"\r\n ],\r\n \"Server\": [\r\n \"Apache-Coyote/1.1\"\r\n ]\r\n}]
The hateoas link should return the same payload as the original webhook event. So there seems to be some issue there.
However, if your intention is to validate if the event came from PayPal then the correct way is to validate the signature included in the webhooks header. This link has more details around the security aspects in webhooks.
https://developer.paypal.com/webapps/developer/docs/integration/direct/rest-webhooks-overview/#event-security
I am new to PayPal API, so I have a nooby question.
When I send user from my shopping site to PayPal payment page e.g. https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=xxxxxx&custom=xxxx and I use custom variable with unique ID about product inside my database and when user get returned back to my website thank you page, do I use simple $_GET["custom"] inside my php script to grab that value or I need some PayPal API code implemented inside my website?
Thanks for help.
In order to retrieve this value, you would not be able to get it as you described, however, you can do one of a couple of things:
post the custom value to a cookie or session variable before sending the user to paypal, then retrieving the cookie or session variable value when they are returned from paypal.
(preferred method) implement an IPN listener that will be able to parse the posted transaction details, one of which is the custom value. This method would allow you to confirm a completed transaction as well as do pretty much anything else with the data that you need to do.
Paypal has PHP code samples for an IPN listener on their DEV site. It's pretty easy to implement and follow along.
I hope this helps.
Old thread I know but if I understand the user correctly and he is using the IPN url to collect the returned data he can use $myphpvar = $_POST[custom];
More info # http://www.brianmoreau.com/articles/paypal_buy_now_button_sending_custom_variables.php