Asana::Errors::Forbidden when trying to create a new webhook

Hi Team Asana :wave:

I thought I’d drop y’all a quick note to highlight an issue I’ve been battling against for several weeks and that I think I might finally have pieced together.

We run a simple app in Heroku to consume webhook notifications from Asana and post updates into Slack. Every now and again we find that webhooks for a particular resource (project) stop arriving, possibly due to a sync_error, at which point my colleagues try to “fix” the issue by deleting the existing webhook for the problematic resource and creating a new webhook. Sometime

Sometimes this workaround “fixes” the issue and we receive a flurry of (previously missing) webhooks, though on other occasions, we consistently receive an Asana::Errors::Forbidden response, which is odd, as nothing has changed in terms of user or project permissions.

After troubleshooting, I’ve figured out that I can “fix” the issue by deleting all registered webhooks and then resending the POST request to (re)create the webhook on the problematic project. I have a working theory that, sometimes, deleting a webhook via the Asana API leaves something knocking around behind the scenes. The presence of this “partially deleted” webhook then prevents new webhooks from being created. This theory is supported by the fact that, after deleting a webhook for a particular resource (project), we’ll continue to receive webhooks for new events, though if we retrieve the full list of webhooks from your API, the resource (project) doesn’t feature in the list of enabled webhooks.

I’m assuming that, when I interact with the API to create/delete webhooks, I’m adding/deleting records in a webhooks database table and adding/removing subscriptions in an internal system, responsible for sending the webhooks to third parties? Is it possible some of my delete requests update the database but fail to update the internal notification system, leaving things in an inconsistent state?

I hope this makes sense and I’d be grateful to hear your thoughts on this issue.

Thank you!
Dave J

Hi Team Asana :wave:

I wonder if anyone has been able to read over my post above and whether you could share your findings / thoughts? My theory above has been built from a lot of troubleshooting and observation over time and I’d really value your input.

For now, we seem to be keeping our webhooks “healthy” with a daily cron to delete all registered webhooks and re-create them all afresh. This seems to give us a reliable connection that POSTs all activity from our Asana tasks. In the long run, w’d like to remove this workaround as it adds undue stress on your API and introduces code that we need to maintain over time.

Many thanks in advance for your help,
Dave J

I haven’t experienced your issues with my Flowsana integration (which has LOTS of users and webhooks) so I can’t comment on your experience directly. The only time I’ve experienced webhooks stop working and having to delete/recreate them en masse is a few times when there’s been a specific known Asana API outage affecting webhooks.

cc: @Ross_Grambo any added thoughts?

Morning folks,

Just to quickly follow up, I’ve (finally) tracked down a bug in my code that meant calls to asana_client.webhooks.delete_webhook were (silently) failing. This explains why future attempts to create a webhook for the same Asana resource were triggering Forbidden errors from Asana; presumably, each resource can only have one active webhook for a single webhook destination?

As a suggestion, it might be clearer to raise an alternative error, rather than forbidden, if/when an integration tries to set up a duplicate webhook. I spent a few hours double-checking and troubleshooting my permissions and access tokens, though in the end, these were unrelated to the issue.

I hope you all have a lovely Christmas!
Dave J

1 Like