TomWalker Posted December 17, 2023 Share Posted December 17, 2023 Hi there, I'm trying to connect my wordpress site to loyverse data, and I've successfully managed to get OAuth 2 working as intended afaik, where I've got the correct data being posted to Loyverse when certain stuff triggers on my site. Now I'm trying to send Loyverse data to my website via a webhook, and I'm really struggling. I've set up an endpoint and it all seems to be functioning normally. I've also tried pointing other webhooks to websites like Pipedream to analyse the header data that I've got coming in - and in all cases I'm just not receiving the header "X-Loyverse-Signature" with the webhook data. Any idea what could be causing this? Link to comment Share on other sites More sharing options...
TomWalker Posted December 19, 2023 Author Share Posted December 19, 2023 I got a reply from loyverse support which was helpful: Hello, I'm Yasuaki. Thank you for contacting Loyverse. There are 3 ways of creating webhooks in Loyverse. 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks 2. Create webhook from /webhook endpoint using an Access token. 3. Create webhook from /webhook endpoint using OAuth 2.0. Only when you create a webhook by 3. the webhook will contain X-Loyverse-Signature in the Header. Link to comment Share on other sites More sharing options...
DaveHerbert Posted September 5 Share Posted September 5 So how can we authenticate a webhook if we can't use X-Loyverse-Signature with: 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks or 2. Create webhook from /webhook endpoint using an Access token? Link to comment Share on other sites More sharing options...
Yasuaki Posted September 6 Share Posted September 6 9 hours ago, DaveHerbert said: So how can we authenticate a webhook if we can't use X-Loyverse-Signature with: 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks or 2. Create webhook from /webhook endpoint using an Access token? Hello. I wrote the answer here. Link to comment Share on other sites More sharing options...
DaveHerbert Posted September 6 Share Posted September 6 Yes i understand that. But the question is: How can we authenticate a webhook that came from loyverse if we can't use X-Loyverse-Signature with: 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks or 2. Create webhook from /webhook endpoint using an Access token? Link to comment Share on other sites More sharing options...
Tanaka_Shotaro Posted September 9 Share Posted September 9 On 9/6/2024 at 11:59 PM, DaveHerbert said: Yes i understand that. But the question is: How can we authenticate a webhook that came from loyverse if we can't use X-Loyverse-Signature with: 1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks or 2. Create webhook from /webhook endpoint using an Access token? Hello. If you want to authenticate the webhook by other methods than what they provide, you may need to think the authentication method by yourself. I can come up with a few ways. 1. Manually checking. For example, if you want to authenticate the "receipts.update" webhook, when receiving a webhook, you can send a request to get the list of receipt and verify if the webhook you received matches with the response. 2. By IP address Send a test webhook to yourself to find an IP address. Then, add the IP to the white list. Link to comment Share on other sites More sharing options...
.cropped.png.a7e4ae4c5301e57c9ef939a22b67918e.png){kind=logo}
Recommended Posts