Community

Welcome 🖖

Hi there! 🙂 Want to become a black belt Wrike Ninja? Here's how to earn a Wrike badge

Welcome 🖖 Have you checked out this week's Release Notes yet?

Hey! 👋 Curious about something? Visit How To to search and ask the Community for answers.

Welcome! 👋 Figured out a good tip or trick? Share it in Best Practices.

Want to connect your existing software to Wrike? Learn and ask how in the API section.

¿Con qué podemos ayudarte?

Por ejemplo Diagramas de Gantt, Crear tareas, Compartir carpetas...

Wrike Secure Webhooks Returns Invalid Parameter

6 comentarios

  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Lisa

    Hi Russell, welcome to the Community and thanks for reaching out 🙂

    I'm going to raise a Support ticket for you now so that someone from the team could help you with this. You'll get a notification soon 🙌

    Lisa Community Team at Wrike 🌎Discover... Wrike Discover and become a Wrike expert. Click here to get started

    Is this helpful? 0
    Acciones de comentarios Permalink
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Luka Defar

    Has this been resolved? I'm getting the same error as described above when trying to set up a hook with a secret

    Is this helpful? 1
    Acciones de comentarios Permalink
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Ben Zenker

    I am also getting the same error and wondering if this is an error on my side, or on Wrike's server.

    Is this helpful? 0
    Acciones de comentarios Permalink
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Russell Wilkie

    (Editado )

    Just following up on this, but I was able to get this resolved after getting in touch with the Wrike support team. There wasn't any additional information I had to work with that wasn't in the documentation other than this extra step they provided:

    All further events from this webhook will contain the X-Hook-Secret header with value hmacSha256(key: secret, value: request body), so the client can check authenticity of the events.

    In case of a handshake failure, Wrike responds to client with HTTP status = 400 and "error": "invalid_parameter", "errorDescription": "Web hook url handshake failed".

     

    The problem I ran into was primarily a fault of how I handled the handshake's creation. On my personal side of things I had to make sure:

    1. The hashed X-Hook-Secret header during initial creation was sent as a response
    2. Handshake registration was done through the payload url (Had a middleware used for this)
    3. Firewall settings allowed IP addresses in range: 160.19.162.0/24
    Is this helpful? 1
    Acciones de comentarios Permalink
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Ben Zenker

    Thank you Russell. Your tips helped me find my issue as well.

    For me, I was bypassing the handshake with an if-statement for all requests that had an empty req.body, but I used poor logic in the if-statement.

    Now I am struggling to achieve a match between the hashed body and the X-Hook-Secret on all non-handshake POST requests.

    const hashAttempt = req.get('X-Hook-Secret')
    console.log(hashAttempt)
    const hashedMessage = hmacSha256(JSON.stringify(req.body), process.env.HOOK_SECRET)
    console.log(hashedMessage.toString())

    > f3907d9a7ba1207a7cbe8cabcc9c3f8da3e361d65124b6af29cf74b57b8d0a38
    > 11fc11d4474eb39a257b08ff6487904f905a97a1c6a9c642f669b7bb46578c68

    Where HOOK_SECRET is the same secret that was used to respond to the secure webhook registration.

    Have you gotten a match on your end?

    Is this helpful? 0
    Acciones de comentarios Permalink
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Ben Zenker

    The solution to my problem was to decode the request body to text manually, instead of depending on a library.

     

    Using this plain-text string of the request body gave me a matching hmacSha256 hash.

    Is this helpful? 0
    Acciones de comentarios Permalink

Iniciar sesión para dejar un comentario.

Folllowing List for Post: Wrike Secure Webhooks Returns Invalid Parameter
[this list is visible for admins and agents only]

Community

Welcome 🖖

Hi there! 🙂 Want to become a black belt Wrike Ninja? Here's how to earn a Wrike badge

Welcome 🖖 Have you checked out this week's Release Notes yet?

Hey! 👋 Curious about something? Visit How To to search and ask the Community for answers.

Welcome! 👋 Figured out a good tip or trick? Share it in Best Practices.

Want to connect your existing software to Wrike? Learn and ask how in the API section.