mdnapomdnapo MitgliedKommentare: 7 Danke erhalten: 0 Mitglied seit: Oktober 2016

Im working on a Shopware plugin that needs to have an endpoint which can receive post requests from a webhook. I've tried to do this with a custom API endpoint but this means that the API credentials have to be sent through the callback url like so http://:@mywebshop.com/api/custom_endpoint.This works fine when I'm testing the endpoint with Postman, but when using this with the actual webhook, the endpoint is never reached. Can somebody tell me what the cause of the issue could be? Another way to achieve the desired result would also be appreciated.

Thnx in advance!

1 Antwort

Antworten

  • simklisimkli MitgliedKommentare: 1232 Danke erhalten: 437 Mitglied seit: Februar 2014

      have to be sent through the callback url like so http://:@mywebshop.com/api/custom_endpoint.

    Nope. You can also use digest authentication. Then you don't need to put username and password in the url. If that's also not supported by your webhook you could go with a controller:

    https://developers.shopware.com/developers-guide/controller

    But then everyone could access it without authentication unless you implement your own.

    Zitieren
    Akzeptierte Antwort
  • mdnapomdnapo MitgliedKommentare: 7 Danke erhalten: 0 Mitglied seit: Oktober 2016

    I ended up using a simple controller. thank you!

  • DannyDanDannyDan MitgliedKommentare: 50 Danke erhalten: 4 Mitglied seit: Juli 2015

    I ended up using a simple controller. thank you!

    Hi mdnapo,

    I'm also trying to use a controller as callback url for a webhook but its not working. Can you share your simple solution?

    Thanks

    Danny

  • mdnapomdnapo MitgliedKommentare: 7 Danke erhalten: 0 bearbeitet 19. September Mitglied seit: Oktober 2016

    Hello Danny Dan,

    A bit of a late reaction, but this is the way I achieved the desired result.

    I started off by creating a controller that extends Enlight_Controller_Action and implements CSRFWhitelistAware in the Controller/Frontend folder.

    Then simply whitelist the actions you want to access publicly.

    I hope this helps! :)

    Greets,

    Donny

  • mdnapomdnapo MitgliedKommentare: 7 Danke erhalten: 0 bearbeitet 19. September Mitglied seit: Oktober 2016

    To elaborate a little further. Like Simkli mentioned, when creating callback urls in this manner you have to take care of security yourself!

    So be sure to add your own security model (if necessary).

    Below is an example for creating a callback url controller that is reachable like so, https://yourdomain.com/webhooks/index.

    
    class Shopware_Controllers_Frontend_Webhooks extends Enlight_Controller_Action implements CSRFWhitelistAware
    {
        public function getWhitelistedCSRFActions()
        {
            // Whitelist the action
            return ['index'];
        }
    
        public function indexAction()
        {
            // Your code here
            ...
    
            // Call exit() after you've echoed your response, otherwise the controller might try to return a view, which could lead to errors.
            exit();
        }
    }

    Have a nice evening!

    Greets,

    Donny

Anmelden oder Registrieren, um zu kommentieren.