Wrike Secure Webhooks Returns Invalid Parameter

Комментариев: 6

  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Lisa

    Hi Russell, welcome to the Community and thanks for reaching out 🙂

    I'm going to raise a Support ticket for you now so that someone from the team could help you with this. You'll get a notification soon 🙌

    Lisa Community Team at Wrike 🌎Discover... Wrike Discover and become a Wrike expert. Click here to get started

    Is this helpful? 0
    Действия с комментариями Постоянная ссылка
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Luka Defar

    Has this been resolved? I'm getting the same error as described above when trying to set up a hook with a secret

    Is this helpful? 1
    Действия с комментариями Постоянная ссылка
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Ben Zenker

    I am also getting the same error and wondering if this is an error on my side, or on Wrike's server.

    Is this helpful? 0
    Действия с комментариями Постоянная ссылка
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Russell Wilkie

    (Изменен )

    Just following up on this, but I was able to get this resolved after getting in touch with the Wrike support team. There wasn't any additional information I had to work with that wasn't in the documentation other than this extra step they provided:

    All further events from this webhook will contain the X-Hook-Secret header with value hmacSha256(key: secret, value: request body), so the client can check authenticity of the events.

    In case of a handshake failure, Wrike responds to client with HTTP status = 400 and "error": "invalid_parameter", "errorDescription": "Web hook url handshake failed".

     

    The problem I ran into was primarily a fault of how I handled the handshake's creation. On my personal side of things I had to make sure:

    1. The hashed X-Hook-Secret header during initial creation was sent as a response
    2. Handshake registration was done through the payload url (Had a middleware used for this)
    3. Firewall settings allowed IP addresses in range: 160.19.162.0/24
    Is this helpful? 1
    Действия с комментариями Постоянная ссылка
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Ben Zenker

    Thank you Russell. Your tips helped me find my issue as well.

    For me, I was bypassing the handshake with an if-statement for all requests that had an empty req.body, but I used poor logic in the if-statement.

    Now I am struggling to achieve a match between the hashed body and the X-Hook-Secret on all non-handshake POST requests.

    const hashAttempt = req.get('X-Hook-Secret')
    console.log(hashAttempt)
    const hashedMessage = hmacSha256(JSON.stringify(req.body), process.env.HOOK_SECRET)
    console.log(hashedMessage.toString())

    > f3907d9a7ba1207a7cbe8cabcc9c3f8da3e361d65124b6af29cf74b57b8d0a38
    > 11fc11d4474eb39a257b08ff6487904f905a97a1c6a9c642f669b7bb46578c68

    Where HOOK_SECRET is the same secret that was used to respond to the secure webhook registration.

    Have you gotten a match on your end?

    Is this helpful? 0
    Действия с комментариями Постоянная ссылка
  • Spot On! 👍 Innovative Approach 💡 Stellar Advice 💪
    Avatar
    Ben Zenker

    The solution to my problem was to decode the request body to text manually, instead of depending on a library.

     

    Using this plain-text string of the request body gave me a matching hmacSha256 hash.

    Is this helpful? 0
    Действия с комментариями Постоянная ссылка

Войдите в службу, чтобы оставить комментарий.

Folllowing List for Post: Wrike Secure Webhooks Returns Invalid Parameter
[this list is visible for admins and agents only]

Community

Welcome 🖖

Hi there! 🙂 Want to become a black belt Wrike Ninja? Here's how to earn a Wrike badge

Welcome 🖖 Have you checked out this week's Release Notes yet?

Hey! 👋 Curious about something? Visit How To to search and ask the Community for answers.

Welcome! 👋 Figured out a good tip or trick? Share it in Best Practices.

Want to connect your existing software to Wrike? Learn and ask how in the API section.