How to implement a webhook endpoint in Shopware?

Shopware 5 International (English Only)
1

Im working on a Shopware plugin that needs to have an endpoint which can receive post requests from a webhook. I’ve tried to do this with a custom API endpoint but this means that the API credentials have to be sent through the callback url like so  http://:<api_key>@mywebshop.com/api/custom_endpoint</api_key>.This works fine when I’m testing the endpoint with Postman, but when using this with the actual webhook, the endpoint is never reached. Can somebody tell me what the cause of the issue could be? Another way to achieve the desired result would also be appreciated.

Thnx in advance!

2

  have to be sent through the callback url like so http://:@mywebshop.com/api/custom_endpoint.

Nope. You can also use digest authentication. Then you don’t need to put username and password in the url. If that’s also not supported by your webhook you could go with a controller:

But then everyone could access it without authentication unless you implement your own.

3

I ended up using a simple controller. thank you!

4

@mdnapo schrieb:

I ended up using a simple controller. thank you!

Hi mdnapo,

I’m also trying to use a controller as callback url for a webhook but its not working. Can you share your simple solution?

Thanks

Danny

5

Hello Danny Dan,

A bit of a late reaction, but this is the way I achieved the desired result.

I started off by creating a controller that extends Enlight_Controller_Action and implements CSRFWhitelistAware in the Controller/Frontend folder.

Then simply whitelist the actions you want to access publicly.

I hope this helps! :slight_smile:

Greets,

Donny

6

To elaborate a little further. Like Simkli mentioned, when creating callback urls in this manner you have to take care of security yourself!

So be sure to add your own security model (if necessary).

Below is an example for creating a callback url controller that is reachable like so, https://yourdomain.com/webhooks/index.

class Shopware_Controllers_Frontend_Webhooks extends Enlight_Controller_Action implements CSRFWhitelistAware
{
    public function getWhitelistedCSRFActions()
    {
        // Whitelist the action
        return ['index'];
    }

    public function indexAction()
    {
        // Your code here
        ...

        // Call exit() after you've echoed your response, otherwise the controller might try to return a view, which could lead to errors.
        exit();
    }
}

Have a nice evening!

Greets,

Donny

7

Hi Donny,

just saw your response. Thanks for the Info, but I already figured that out with the help of Postman. :wink:

Danny