Wrike Secure Webhooks Returns Invalid Parameter
This may be an issue on my part, but when I am trying to implement Secure Webhooks by passing in a secret parameter I am getting the following error returned:
{
"errorDescription": "Web hook url handshake failed",
"error": "invalid_parameter"
}
Registering the webhook without passing in this secret parameter seems to work just fine. I've reviewed the documentation considerably but cannot find why the error is occurring. Is there anything wrong with the URL I'm using is formatted? (Removed hookURL for security purposes)
https://www.wrike.com/api/v4/webhooks?hookUrl=<url>&secret=1234
Hi Russell, welcome to the Community and thanks for reaching out 🙂
I'm going to raise a Support ticket for you now so that someone from the team could help you with this. You'll get a notification soon 🙌
Lisa Community Team at Wrike Wrike Product Manager Become a Wrike expert with Wrike Discover
Lisa Wrike Team member Become a Wrike expert with Wrike Discover
Has this been resolved? I'm getting the same error as described above when trying to set up a hook with a secret
I am also getting the same error and wondering if this is an error on my side, or on Wrike's server.
Just following up on this, but I was able to get this resolved after getting in touch with the Wrike support team. There wasn't any additional information I had to work with that wasn't in the documentation other than this extra step they provided:
The problem I ran into was primarily a fault of how I handled the handshake's creation. On my personal side of things I had to make sure:
Thank you Russell. Your tips helped me find my issue as well.
For me, I was bypassing the handshake with an if-statement for all requests that had an empty req.body, but I used poor logic in the if-statement.
Now I am struggling to achieve a match between the hashed body and the X-Hook-Secret on all non-handshake POST requests.
Where HOOK_SECRET is the same secret that was used to respond to the secure webhook registration.
Have you gotten a match on your end?
The solution to my problem was to decode the request body to text manually, instead of depending on a library.
Using this plain-text string of the request body gave me a matching hmacSha256 hash.
In my case I was generating the HMACSHA256 hash correctly but was returning the Base64 version, what they want (unspecified in the docs) is the hex encoded version, eg:
`4539CF69012C6D365B634653143A36D971A168D77BC09E160341EC39946DF119`
rather than `
(those are the same values just return encoded differently)
Hi Keith Lawrence, appreciate you sharing this!
Lisa Community Team at Wrike Wrike Product Manager Become a Wrike expert with Wrike Discover
Lisa Wrike Team member Become a Wrike expert with Wrike Discover