TomWalker Posted December 17, 2023 Posted December 17, 2023 Hi there, I'm trying to connect my wordpress site to loyverse data, and I've successfully managed to get OAuth 2 working as intended afaik, where I've got the correct data being posted to Loyverse when certain stuff triggers on my site. Now I'm trying to send Loyverse data to my website via a webhook, and I'm really struggling. I've set up an endpoint and it all seems to be functioning normally. I've also tried pointing other webhooks to websites like Pipedream to analyse the header data that I've got coming in - and in all cases I'm just not receiving the header "X-Loyverse-Signature" with the webhook data. Any idea what could be causing this?
TomWalker Posted December 19, 2023 Author Posted December 19, 2023 I got a reply from loyverse support which was helpful: Hello, I'm Yasuaki. Thank you for contacting Loyverse. There are 3 ways of creating webhooks in Loyverse. 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks 2. Create webhook from /webhook endpoint using an Access token. 3. Create webhook from /webhook endpoint using OAuth 2.0. Only when you create a webhook by 3. the webhook will contain X-Loyverse-Signature in the Header.
DaveHerbert Posted September 5, 2024 Posted September 5, 2024 So how can we authenticate a webhook if we can't use X-Loyverse-Signature with: 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks or 2. Create webhook from /webhook endpoint using an Access token?
Yasuaki Posted September 6, 2024 Posted September 6, 2024 9 hours ago, DaveHerbert said: So how can we authenticate a webhook if we can't use X-Loyverse-Signature with: 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks or 2. Create webhook from /webhook endpoint using an Access token? Hello. I wrote the answer here.
DaveHerbert Posted September 6, 2024 Posted September 6, 2024 Yes i understand that. But the question is: How can we authenticate a webhook that came from loyverse if we can't use X-Loyverse-Signature with: 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks or 2. Create webhook from /webhook endpoint using an Access token?
Tanaka_Shotaro Posted September 9, 2024 Posted September 9, 2024 On 9/6/2024 at 11:59 PM, DaveHerbert said: Yes i understand that. But the question is: How can we authenticate a webhook that came from loyverse if we can't use X-Loyverse-Signature with: 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks or 2. Create webhook from /webhook endpoint using an Access token? Hello. If you want to authenticate the webhook by other methods than what they provide, you may need to think the authentication method by yourself. I can come up with a few ways. 1. Manually checking. For example, if you want to authenticate the "receipts.update" webhook, when receiving a webhook, you can send a request to get the list of receipt and verify if the webhook you received matches with the response. 2. By IP address Send a test webhook to yourself to find an IP address. Then, add the IP to the white list.
.cropped.png.a7e4ae4c5301e57c9ef939a22b67918e.png){kind=logo}
Recommended Posts