mdnapomdnapo MemberComments: 7 Received thanks: 0 Member since: October 2016

Im working on a Shopware plugin that needs to have an endpoint which can receive post requests from a webhook. I've tried to do this with a custom API endpoint but this means that the API credentials have to be sent through the callback url like so http://:@mywebshop.com/api/custom_endpoint.This works fine when I'm testing the endpoint with Postman, but when using this with the actual webhook, the endpoint is never reached. Can somebody tell me what the cause of the issue could be? Another way to achieve the desired result would also be appreciated.

Thnx in advance!

1 Answer

Answers

  • simklisimkli MemberComments: 1263 Received thanks: 460 Member since: February 2014

      have to be sent through the callback url like so http://:@mywebshop.com/api/custom_endpoint.

    Nope. You can also use digest authentication. Then you don't need to put username and password in the url. If that's also not supported by your webhook you could go with a controller:

    https://developers.shopware.com/developers-guide/controller

    But then everyone could access it without authentication unless you implement your own.

    Quote
    Accepted Answer
  • mdnapomdnapo MemberComments: 7 Received thanks: 0 Member since: October 2016

    I ended up using a simple controller. thank you!

  • DannyDanDannyDan MemberComments: 59 Received thanks: 6 Member since: July 2015

    I ended up using a simple controller. thank you!

    Hi mdnapo,

    I'm also trying to use a controller as callback url for a webhook but its not working. Can you share your simple solution?

    Thanks

    Danny

  • mdnapomdnapo MemberComments: 7 Received thanks: 0 edited September 2018 Member since: October 2016

    Hello Danny Dan,

    A bit of a late reaction, but this is the way I achieved the desired result.

    I started off by creating a controller that extends Enlight_Controller_Action and implements CSRFWhitelistAware in the Controller/Frontend folder.

    Then simply whitelist the actions you want to access publicly.

    I hope this helps! :)

    Greets,

    Donny

  • mdnapomdnapo MemberComments: 7 Received thanks: 0 edited September 2018 Member since: October 2016

    To elaborate a little further. Like Simkli mentioned, when creating callback urls in this manner you have to take care of security yourself!

    So be sure to add your own security model (if necessary).

    Below is an example for creating a callback url controller that is reachable like so, https://yourdomain.com/webhooks/index.

    
    class Shopware_Controllers_Frontend_Webhooks extends Enlight_Controller_Action implements CSRFWhitelistAware
    {
        public function getWhitelistedCSRFActions()
        {
            // Whitelist the action
            return ['index'];
        }
    
        public function indexAction()
        {
            // Your code here
            ...
    
            // Call exit() after you've echoed your response, otherwise the controller might try to return a view, which could lead to errors.
            exit();
        }
    }

    Have a nice evening!

    Greets,

    Donny

  • DannyDanDannyDan MemberComments: 59 Received thanks: 6 Member since: July 2015

    Hi Donny,

    just saw your response. Thanks for the Info, but I already figured that out with the help of Postman. ;)

    Danny

Sign In or Register to comment.