SurveyMonkey Webhook - Response expected - surveymonkey

From the docs at https://developer.surveymonkey.net/api/v3/#webhooks and trying out the feature I understand that webhooks first do a HEAD and then POST call to my webhook receiver public API.
Does the webhook POST callback to my receiver API require a response from it??
Many webhooks pay attention to responses and re-send requests if the application errors out. Just wanted to understand how SurveyMonkey deals with responses.

Perhaps this should be specified in the documentation, but no, SurveyMonkey doesn't expect a response, as in it doesn't expect any particular body returned to us.
That said it does expect you to return a 2xx HTTP status code (which is usually automatically handled by any web server framework you use).

Related

Trigger Twilio Flow form Freshdesk Automation webhook

I need to trigger Twilio Flow Rest API via a webhook that freshdesk have on the automation feature.
Twilio Flow
I configure the automation with webhook service: https://webhook.site and i received the data.
Freshdesk Automation Webhook configuration
When I use POSTMAN to trigger the flow it works perfectly.
POSTMAN TWILIO
Based on your screenshots, you are sending the data differently to Twilio with each approach.
The Freshdesk example is sending application/json but Postman (which you indicated works) is using form-data.Try selecting X-FORM-URLENCODED on the Freshdesk side.
Creating or Updating Resources with the HTTP POST and PUT Methods
"Creating or updating a resource involves performing an HTTP PUT or HTTP POST to a resource URI. In the PUT or POST, you represent the properties of the object you wish to update as form urlencoded key/value pairs. Don't worry, this is already the way browsers encode POSTs by default. But be sure to set the HTTP Content-Type header to "application/x-www-form-urlencoded" for your requests if you are writing your own client."

How to validate X-TWILIO-SIGNATURE

We are using twilio to send/receive SMS messages. We have a webhook configured to receive the messages sent by a customer. We want to validate if the request infact originated from twilio. I was going through the documentation and found that there is a method called validated in twilio sdk. For some reason we are not using the sdk. So we want to validate it by ourself. Can anyone please tell me how to validate?
You can do it yourself without the SDK if you wish.
In short, you'll have to use https for your webhooks when configuring at Twilio, and, on your server side, validate a signature which Twilio sends as a header X-Twilio-Signature when making the request.
Computing the signature means to re-assemble the request data and compute a hash using your Twilio account AuthToken.
This is explained in more details on Twilio's docs here:
https://www.twilio.com/docs/usage/security#validating-requests

How to ensure only Twilio hits my api endpoint?

I am using Twilio Voice API to make calls. The flow is that a user initiates an action on my site, we then send a request to Twilio API via the twilio object in the ruby gem. This object contains the
'from' number , 'to' number , 'url'
The 'url' is my API end point, which looks something like this
.../api/v1/users/here
From here, I route the request to one of my controllers' actions to serve up a twiml to play.
My question is: How can I ensure that ONLY TWILIO is able to ping this api endpoint?
a) Is there some kind of identifier in Twilio's request that I can use to validate source?
b) I am using Grape gem to set up the api endpoint. Can I do something with the grape gem for this purpose?
Twilio evangelist here.
Twilio has a special header we send called X-Twilio-Signature that allows you to validate that the webhook request is only coming from Twilio.
The Ruby helper library includes a piece of middleware that you can plug in to check for this header and perform the validation. Check out this blog post for more info:
https://www.twilio.com/blog/2014/09/securing-your-ruby-webhooks-with-rack-middleware.html
Hope that helps
A simple way to do this is with an API token. Pick a nice, random string and set up your Twilio URL to include ?token=abcd1234, then on your server, verify that the token is present. Anyone else hitting your endpoint won't have it, so you know it must be Twilio.

Twilio Request URL- JSON?

On my Twilio number I have a Request URL configured for Messaging. The problem is I need the HTTP Post from Twilio in json but there doesn't seem to be a way to configure it.
Hi Twilio developer evangelist here.
Unfortunately there will be no way for you to configure Twilio to post a JSON request to your server. What you can do however is post to a different server that will take that request, turn it into JSON and then make a request to your original endpoint with a JSON packet.
That's obviously if you can't just convert the POST request into JSON on your original server, which is preferable.
Let me know if you have any more questions.

Asana API Cross-Domain Request Access Control Headers

I'm trying to make a GET request to the Asana API from the browser. Because this is a cross-domain request, the client first sends an OPTIONS request. I'm running into the same issue that was described in this Stack Overflow question a year ago, ASANA API and Access-Control-* headers, where the Asana API doesn't respond with the Access-Control parameters.
I'm wondering whether the new release of the Asana Connect and OAuth2 addresses this problem and I'm simply doing something wrong or if this is still unsupported.
(I work at Asana.) Sorry, looks like this slipped through the cracks.
We currently do not allow Cross-Origin requests. However, we do support JSONP if you use Oauth2 and authenticate with a bearer token. This allows you to make secure requests from a JS client.
Just append opt_jsonp=CALLBACK as a parameter to the request, where CALLBACK is the name of the javascript function you would like to be called back with the response data.

Resources