Jump to content

Webhook not sending X-Loyverse-Signature in header?


TomWalker

Recommended Posts

Hi there, I'm trying to connect my wordpress site to loyverse data, and I've successfully managed to get OAuth 2 working as intended afaik, where I've got the correct data being posted to Loyverse when certain stuff triggers on my site.

Now I'm trying to send Loyverse data to my website via a webhook, and I'm really struggling. I've set up an endpoint and it all seems to be functioning normally. I've also tried pointing other webhooks to websites like Pipedream to analyse the header data that I've got coming in - and in all cases I'm just not receiving the header "X-Loyverse-Signature" with the webhook data.

Any idea what could be causing this?
 

Link to comment
Share on other sites

I got a reply from loyverse support which was helpful:

Hello, I'm Yasuaki.

Thank you for contacting Loyverse.

There are 3 ways of creating webhooks in Loyverse.

1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks
2. Create webhook from /webhook endpoint using an Access token.
3. Create webhook from /webhook endpoint using OAuth 2.0.

Only when you create a webhook by 3. the webhook will contain X-Loyverse-Signature in the Header.

Link to comment
Share on other sites

  • 8 months later...

So how can we authenticate a webhook if we can't use X-Loyverse-Signature with:  1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks
or 2. Create webhook from /webhook endpoint using an Access token?

 

Link to comment
Share on other sites

9 hours ago, DaveHerbert said:

So how can we authenticate a webhook if we can't use X-Loyverse-Signature with:  1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks
or 2. Create webhook from /webhook endpoint using an Access token?

 

Hello. I wrote the answer here.

 

Link to comment
Share on other sites

Yes i understand that. But the question is: How can we authenticate a webhook that came from loyverse if we can't use X-Loyverse-Signature with:  1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks
or 2. Create webhook from /webhook endpoint using an Access token?

Link to comment
Share on other sites

On 9/6/2024 at 11:59 PM, DaveHerbert said:

Yes i understand that. But the question is: How can we authenticate a webhook that came from loyverse if we can't use X-Loyverse-Signature with:  1. Create webhook from https://r.loyverse.com/dashboard/#/webhooks
or 2. Create webhook from /webhook endpoint using an Access token?

Hello.

If you want to authenticate the webhook by other methods than what they provide, you may need to think the authentication method by yourself.

I can come up with a few ways.

1. Manually checking.
For example, if you want to authenticate the "receipts.update" webhook, when receiving a webhook, you can send a request to get the list of receipt and verify if the webhook you received matches with the response.

2. By IP address
Send a test webhook to yourself to find an IP address.
Then, add the IP to the white list.

Link to comment
Share on other sites

Loyverse Point of Sale

 

 

 

 

×
×
  • Create New...