Xero webhook: Intent to receive

I’m having issues validating a Xero webhook intent to receive.

Here is the Xero documentation:

The Xero documentation states :

If the payload is hashed using HMACSHA256 with your webhook signing key and base64 encoded, it should match the signature in the header. This is a correctly signed payload . If the signature does not match the hashed payload it is an incorrectly signed payload .

To gain Intent to receive validation, the receiving url must respond with status: 200 Ok for all correctly signed payloads and respond with status: 401 Unauthorized for all incorrectly signed payloads .

Backend workflow I’ve set up the following:

But when I validate it through Xero developer portal I receive an error:
image

Here is the raw API workflow:

What am I doing wrong?

It looks like you are validating the signature of the headers NOT the JSON body. To fix this you will have to reconstitute the JSON exactly as it was transmitted and then go through the signature validation. Or dirty little secret you could just always return 200. At least for now. Although blindly accepting data is always a very bad security practice.

Yes, I tried to return a 200 to get it set up but I get the following error when trying to validate it with Xero:
image

How do you "reconstitute the JSON exactly as it was transmitted and then go through the signature validation? How do I do this with the “only when” condition?

Try changing the reponse type drop down to text and then return an an empty string. See the reponse action

I don’t see “text” as an option:
image

Are you able to share screenshots of how you’ve successfully validated a xero webhook intent?

That is the reponse Bubble receives not sends. To send a response, even an empty one, you need to use the action in the hyperlink above.

Hello, have you been able to solve this problem?

Hi @bailey , Have you been solve this problem?

Hi, has anyone been able to work this out?

Any updates in 2024? @aaronsheldon @bailey

Nothing?

Use Zapier or Make.

Thanks @will_ericksson,

So I would intialize Xero to send webhooks to Make and that would forward it to bubble?

Will this work if my app will have multiple customers Xero accounts connected?

@chad5 we’ve only used Zapier. Go to Zapier and see which Xero events can trigger a Zap. I think it’s invoice and contact changes. From there you can setup a Bubble step to send the data to your webhook.

(2) This solution would NOT support multiple Xero accounts for different Bubble users in one Bubble app. We only have this configured into a 1:1 relationship Xero to Bubble.

Ok thanks @will_ericksson

I think I could get it to happen on make thanks for the tip