Bold Commerce custom webhook

Comments

4 comments

  • Tyler Lamparter Principal Product Manager
    Awesome Follow-up
    Engaged
    Top Contributor
    Answer Pro
    Celigo University Level 4: Legendary

    Bryan Carroll the first way you had it looks correct (with the HMAC setup). I did notice that the Bold Commerce expects back a 200 code, but by default IO returns a 204 code. Can you try modifying the response code to 200 under the advanced settings? Also, the flow has to be on or else IO will return a 403 code. Additionally, try enabling the debugger in IO (in the top right of the screenshot below) and see if we are actually getting the payload, but Bold Commerce thinks it's failing.

    0
  • Bryan Carroll

    Tyler Lamparter Thanks for the quick reply!  Good catch on setting the response code.  Unfortunately, it didn't make any difference.  The flow is definitely enabled.  And I had turned on logging when I was testing but nothing came through, and still isn't.  I agree, we're not getting the payload so nothing is getting logged.

    I feel like I need more information from Bold to understand what is happening.  I think my next step is to reach out to them to see if we can get more detailed error reporting because right now we're guessing.

    I'm open to other ideas, too, tho :)

    Thanks again!

    0
  • Bryan Carroll

    Hi Tyler Lamparter, the more I think about this the more I believe I don't have the signature constructed correctly.  The Bold documentation states that the X-Bold-Signature being passed in the header is hashed from the json-encoded request body, the request timestamp, and the signing key that's defined in our Bold Admin for the created webhook.  Is there any way for me to do this in the webhook listener?  It doesn't look like there's a way to hook javascript into the listener to aid in processing the request.

    0
  • Tyler Lamparter Principal Product Manager
    Awesome Follow-up
    Engaged
    Top Contributor
    Answer Pro
    Celigo University Level 4: Legendary

    Bryan Carroll and I met today and swapped over the webhook setup to a secret url and it's working. However, the preferred authentication is HMAC so that we can validate the requests. For that, we've opened up a support ticket and can update back here after resolution.

    0

Please sign in to leave a comment.