I am trying to get a webhook sent from cloudconvert when a file has finished uploading, however, I am having trouble receiving the data.
The first time when i set up the url with the /initialize link it seemed to work, but now i am having no joy. Do I use the domain for my app or the bubble domain?
Thanks
Just use the URL it gives to you (you can use either) when detecting it but when making it live remove the /initialize. A few things to check:
Have you removed the /initialize after testing it?
Are you authenticating the call using an API key? ?api_token=[key]
If you’re not using an API key, is the API configured as a public workflow? If so what auth have you implemented?
Yes i’ve tried removing the /initialize but still no joy. I am getting error code 400 from convertkit.
I probably need to set up authentication for it as have none at the moment. This is what it says about signing on cloudconvert:
Signing
Our requests are cryptographically signed. If you receive a webhook, you should validate it to make sure it comes from us. Each webhook has a unique signing secret. You can show the signing secret in your webhook settings using the button.
The CloudConvert-Signature header contains a hash-based message authentication code (HMAC) with SHA-256.
As an example, the following PHP function call calculates the signature for validation:
$signature = hash_hmac('sha256', $payload, $signingSecret);
$payload is the full request body (the JSON string) of our request to the webhook URL. You can find the $signingSecret for your webhook in your webhook settings.
How would i go about doing this in bubble? Thanks
The CloudConvert docs are proposing you check/sign the webhook to validate it is one from their app (and not an imposter). If you wanted to do that you would do it in the workflow action itself but it doesn’t sound like you’re receiving the webhook to get to that stage yet.
From the Bubble side, your settings currently look to set to receive the webhook so it suggests it’s something happening on the Cloudconvert side. e.g. it’s sending it to the wrong endpoint or it’s not triggering.
Just to check you specified the “version-test” URL in Cloudconvert? It should look something like this whilst you’re testing it:
https://yourapp.bubbleapps.io/version-test/api/1.1/wf/cloudconvertsuccess
Also, have you created at least one action in the “cloudconvertsuccces” Workflow itself so you can see whether it’s actually doing something? Have it create a new db entry or something simple whilst you get it working.
I think ive setup the webhook so it works in test mode, is there something i have to change when actually publishing it live? Also need to get the signing sorted, is this as simple as using conditionals on the webhook api event?
After publishing your app to live, point your webhook there instead of /version-test (just remove it) Everything else stays the same.
In terms of signing each webhook, you need to verify that the “CloudConvert-Signature” header in each webhook request is the same value as when you perform a HMAC on the incoming JSON.
If it’s not > you would terminate the workflow. If it matches > you know it’s come from CloudConvert so can continue.
To do the validation in a backend workflow you will need to write a server script (check out the Toolbox plugin for that… or look for a plugin that has an action to do it in the markplace) to do the function and get the hash to compare it.
A simpler alternative (which would provide some auth) is to generate an APIKEY for authenticating CloudConvert in your app:
The outcome is that anyone posting to that endpoint without your apikey will be denied.
