not able to create webhook

integrations
tasks
webhooks
#1

I am trying to create webhook but every time getting below error /
{“errors”:[{“message”:“The remote server did not respond with the handshake secret.”,“help”:“For more information on API status codes and how to handle them, read the docs on errors: https://asana.com/developers/documentation/getting-started/errors”}]}/

My Code is something like this

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, ‘https://app.asana.com/api/1.0/webhooks’);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, “resource=TaskID&target=targeturlforwebhook”);
curl_setopt($ch, CURLOPT_POST, 1);

$headers = array();
$headers = ‘Authorization: Bearer <ASANA_PERSONAL_ACCESS_TOKEN>’;
$headers = ‘Content-Type: application/x-www-form-urlencoded’;
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);

On targeturlforwebhook i created one function which send header back to asana for handshake request. code of that function is something like this

public function webhookfunction()
{
if (!empty($headers[‘X-Hook-Secret’]))
{
header(“X-Hook-Secret:”.$headers[‘X-Hook-Secret’]);
header(“HTTP/1.1 200 OK”);
exit;
}
}

But still getting error. Please help me. Couldn’t understand what’s wrong.

Thanks in advance.

#2

Hi :wave:
You should check out Failed to get X-Hook-Secret & Issue in creating webhooks, see of that helps

#3

Hmmm, offhand it looks like you’re doing the handshake response correctly - but the error indicates that your response is not making it back to Asana successfully.

targeturlforwebhook - is that an HTTPS endpoint? It needs to be.

1 Like
#5

Yes targeturlforwebhook is an HTTPS ENDPOINT.like https://example.com/myasanawebhook and myasanawebhook is a function which defined some where in site.

#6

@Phil_Seeman and @Bastien_Siebman

as per explanation in https://asana.com/developers/api-reference/webhooks i have 2 questions

  1. As per explanation

Handshake sent to mysite

POST /receive-webhook/7654
X-Hook-Secret: b537207f20cbfa02357cf448134da559e8bd39d61597dcd5631b8012eae53e81

as a $_POST i will get X-Hook-Secret or as a header parameter i will get X-Hook-Secret response?

  1. Handshake response sent by mysite

HTTP/1.1 200
X-Hook-Secret: b537207f20cbfa02357cf448134da559e8bd39d61597dcd5631b8012eae53e81

If i am receiving X-Hook-Secret i need to just echo X-Hook-Secret or need to pass as a header?

#7

It comes in as a header, and you send it back as a header.

Which is what it looks like you’re doing…