
Webhooks First Looks


Ocean West


Just playing with receiving a web hook to another software/service, it appears the data is sent as content-type: application/x-www-form-urlencoded. I think it would be helpful to have a way to choose how to send the data, because on the receiving side it's impossible to unencode it, as the JSON object is entirely escaped.

For testing, to see what comes back in the payload, I am playing with https://pipedream.com/, a pretty quick way to build a receiver to see what the forum is sending.


I find that the content of the web hook is rather verbose. It would be nice if we could filter and shape the content of the output.

I can foresee a wizard where we choose the "event" and see a model of what is going to be sent, and then pare down the objects / arrays being sent for a particular web hook target URL.

One main concern: when I sent an example it included my IP address and email, which typically is a GDPR issue; a third-party receiver should NOT need this data.


Another observation: it seems that each event sends a single JSON object that triggers the event. I would suspect in the future that may be a limiting factor for larger or very busy sites.

In other web hooks I've seen, they would typically cache multiple events into one payload by making it an array, and once the system passes a threshold would send an array of one item or as many as a dozen items.

 


Playing with this web hook, it contains invalid JSON:

IPS\forums\Topic

Something with the tags and missing the firstPost object key


 

Update: it may be my receiver that is borking the code, trying to convert from form-url-encoded to clean JSON.


I can confirm this issue; I spent some time with Postman and RequestBin and sent several tests:

Ideally the method you send should just be application/json and not form-url-encoded; if you must, add a key to that so that it can be properly parsed. But I would rather just receive JSON and not have to do extra decoding.

 



On 1/26/2022 at 5:01 AM, Ocean West said:

it seems web hooks runs as root / admin access should we have a way to run under a particular group? 

Could you clarify what you mean here? They don't run under a specific account, they're permission independent.

On 1/26/2022 at 4:38 PM, Ocean West said:

another observation it seems that each event sends a single json object that triggers the event. I would suspect in the future that may be a limiting factor for larger or very busy sites.

 

That's how Webhooks work :)

Quote

In other web hooks I've seen they would typically cache multiple events into one pay load by making it an array and once the system passes a threshold would send an array of one item or as many as a dozen items. 

TBH I've never seen this before, do you have any examples?

The whole point of Webhooks is to notify other services/apps/integrations ASAP about one specific event.


I use Mandrill and SparkPost, and when they send a web hook for reads/clicks etc. they send an array:

{
 "mandrill_events" :
  [ ]
}

This could be one object or many objects based on the cache they have in x minutes; your receiver would iterate through the array to handle each action. https://mailchimp.com/developer/transactional/docs/webhooks/

(yes it is easier to handle one at a time instead of bulk actions)

-

There are no permissions applied to the webhook, so everything is visible, including email / IP / personal information; most of the data is entirely unnecessary in the payload when sending off to a third-party service, in addition to being a glaring breach of privacy policy and terms of service, GDPR. In my current use case I am sending it to myself, but if I ever wanted to employ some third-party service this would be a non-starter.

-

While this is being actively developed, sending a proper payload is critical; sending as JSON would be really helpful. I can't move forward with my project because the payload I receive is escaped and becomes invalid JSON.

It would be nice to see some more configurations to select the web hook, perhaps being able to have a web hook log to see the data being sent, and if you can visualize the payload with a JSON editor, that would allow you to disable keys / arrays that don't need to be sent to a given web hook.


The more I play with this I can see my hook receiver is going to be much more complex than it needs to be.

Each event that triggers needs to have more 'filters' in place:

forumsTopic_create, for example, blasts out anytime a post is made anywhere in any forum. I would have to receive all this noise (which could exceed a web hook's limits) and then test to see if it happens to match something I want. Seems like an awful waste of bandwidth if I only wish to focus on one parent forum and its sub-forum.

I would envision for each of these hooks some wizard of options to restrict the content (pre-filter) before it is considered a viable action to send off to the URL.

It adds even more complexity if you send multiple events to the same URL, as the payloads are vastly different and you would first need to process logic based on the event being sent. I would almost have a specific web hook for each event.

 


  • 1 month later...
  • 1 month later...
On 1/26/2022 at 2:55 AM, Ocean West said:

it appears the data is sent as content-type: application/x-www-form-urlencoded   I think it would be helpful to have a way to choose how to send the data because the receiving side it's impossible to unencoded it as the JSON object is entirely escaped. 

I have added this to our internal roadmap.

 

We're definitely not going to make the payload configurable; that's literally going to increase the support requests because the webhook doesn't work as expected because of missing data.

A platform's webhook payload is standardized, so that any other consumer knows exactly what he's going to get, so renaming e.g. the member_id key to "user_id" will break any consumer.

That said, I can see why you want to have such a feature, but it's really better suited as a 3rd party app or plugin.

 


Really? You have no intention to make it pessimistic by nature, and will keep it wide open with the current entire payload?

There is PII that is provisionally not allowed to be sent to any third party and which they have no business receiving?

So once you fix the JSON encoding I will have to send it to myself and weed out the data elements I do not wish to send if I ever wanted to send data to a third party for processing. I will always have to be the man in the middle, as I could never just send a web hook to a third party due to the content and privacy policies in place.

I know we're only talking about forum software, but as programmers it behooves us to be accountable and self-regulate, otherwise the powers that be will impose regulation on the industry. Watch any of Uncle Bob's videos to understand my points.

 

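The relay described in the post above (receive the hook yourself, undo the form encoding, strip personal data, then pass it on), as an added example that is not part of the original thread and is not Invision code. The key names `email` and `ip_address`, the `payload` form key and the sample event are assumptions; the thread does not show the real payload layout.

```python
import json
from urllib.parse import parse_qsl, unquote_plus

# Assumed PII key names: the thread says the payload carried an e-mail
# address and an IP address, but not what the keys are called.
PII_KEYS = {"email", "ip_address"}

# Constructed sample event, not a real Invision payload.
SAMPLE = {
    "id": 42,
    "title": "Hello",
    "author": {"name": "alice", "email": "alice@example.com",
               "ip_address": "203.0.113.7"},
    "tags": ["a & b", "c=d"],
}

def recover_json(raw_body: str):
    """Recover the JSON document from a body labelled
    application/x-www-form-urlencoded. Handles three shapes: raw JSON with
    the wrong label, bare percent-encoded JSON, and key=<encoded JSON>."""
    candidates = [raw_body, unquote_plus(raw_body)]
    candidates += [v for _, v in parse_qsl(raw_body, keep_blank_values=True)]
    for text in candidates:
        try:
            doc = json.loads(text)
        except ValueError:
            continue
        # Reject scalars such as "1" from an ordinary form field.
        if isinstance(doc, (dict, list)):
            return doc
    raise ValueError("no JSON object found in body")

def redact(node, keys=PII_KEYS):
    """Return a copy of the structure with PII keys dropped at any depth."""
    if isinstance(node, dict):
        return {k: redact(v, keys) for k, v in node.items()
                if k.lower() not in keys}
    if isinstance(node, list):
        return [redact(v, keys) for v in node]
    return node

def relay_body(raw_body: str) -> bytes:
    """Bytes the relay would POST onward as application/json."""
    return json.dumps(redact(recover_json(raw_body)), sort_keys=True).encode()

if __name__ == "__main__":
    print(relay_body("payload=" + json.dumps(SAMPLE)).decode())
```

A body that yields no JSON object raises `ValueError`, so the relay can answer with an error instead of forwarding an unredacted or half-decoded payload.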

  • 1 month later...
  • 4 weeks later...
12 minutes ago, Ocean West said:

But let's now talk about a way to configure what is in the payload.

No, that's not going to happen!

A webhook's payload is standardized and it's going to introduce all kinds of weirdness once external services receive manipulated payloads with customized or removed data.

I have raised an internal suggestion to encrypt PII data within the payload, so we may bring this with an upcoming release, but I can't share any further information about this yet.


What / when can we expect to see commerce data in the web hooks? 

Also, I would like to make Invision a core component in something bigger by integrating it into our solution.

Would it be possible to authenticate users via a web service call?

Additionally, I would also like to do commerce via web services... although perhaps this could be initiated by doing a popup, and then monitoring what happens by getting callbacks via web hooks.
