cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
cagee
Frequent Visitor

Delete webhook sends different Authorization header than Post (creating webhook)

I am building a custom connector. The security is set to API Key type, which sends a token that user gets in our application. Everything works fine but the problem is on delete webhook action a different type of API key is sent in the authorization header. 

According to documentation here: 
https://docs.microsoft.com/en-us/connectors/custom-connectors/create-webhook-trigger

"No aditional header is included for the delete webhook call. The same connection used in the connector is also used for the delete webhook call."

The Authotization header in post:
Screenshot 2021-04-12 150353.png

We expect the same type of Auth in delete too but this is what we receive:

Screenshot 2021-04-12 150513.png

 

We are supposed to receive the same authorization header as post action right? But as you can see a different key is sent. What are we doing wrong?
Here is the swagger parts for post and delete: 

 

/hook/:
    x-ms-notification-content:
      schema:
        type: object
        x-ms-dynamic-schema:
          parameters:
            schemaType: {parameter: eventPath}
          operationId: GetSchema
          value-path: schema
        x-ms-dynamic-properties:
          parameters:
            schemaType: {parameterReference: eventPath}
          operationId: GetSchema
          itemValuePath: schema
      description: Schema of the webhook payload from Assently
    post:
      responses:
        '201': {description: Created}
      summary: Case trigger event 2
      description: 'Trigger when:'
      operationId: CaseEventTrigger
      x-ms-trigger: single
      parameters:
      - {$ref: '#/parameters/eventPath_in_query'}
      - name: body
        in: body
        required: false
        schema:
          type: object
          properties:
            callbackUrl: {type: string, description: callbackUrl, x-ms-notification-url: true,
              x-ms-visibility: internal, title: ''}
          required: [callbackUrl]
  /hook/{hookId}:
    delete:
      description: Deletes a webhook
      operationId: DeleteTrigger
      parameters:
      - {name: hookId, in: path, description: ID of the Hook being deleted, required: true,
        x-ms-url-encoding: single, type: string}
      responses:
        '200': {description: Ok}
      summary: Deletes a webhook
      x-ms-visibility: internal

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
cagee
Frequent Visitor

We finally found out that the problem was the delete url that we sent by Location header had been resolving by http. Fixing it to https solved the problem and we receive the expected token. Make sure your delete url is https. 

View solution in original post

5 REPLIES 5
murshed
Microsoft
Microsoft

Can you test the delete method just by creating an action to delete an existing webhook? Please make sure the location matches delete action.

 

"In order for Logic Apps or Power Automate to delete a webhook, the API must include a Location HTTP header in the 201 response at the time the webhook is created. The Location header should contain the path to the webhook that is used with the HTTP DELETE. For example, the Location included with GitHub's response follows this format: https://api.github.com/repos/ <user name>/<repo name>/hooks/<hook ID>."

 

If this reply answers your question or solves your issue, please ACCEPT AS SOLUTION ☑️. If you find this reply helpful, please consider giving it a LIKE 👍.

cagee
Frequent Visitor

we are sending the location header, that's why we receive the delete request in our API that I've shared the Authorization header screenshot of it . When I test the action in Test tab of the connector, everything is fine. We receive the key of user's connection and the custom header that we have set as policy to be sent on requests. But when we delete a flow a different type of Authorization header is sent and also the custom header is missing.

cagee
Frequent Visitor

We finally found out that the problem was the delete url that we sent by Location header had been resolving by http. Fixing it to https solved the problem and we receive the expected token. Make sure your delete url is https. 

nhance
Advocate II
Advocate II

This issue is still occurring not due to scheme.

We're seeing the same `Key` authorization header in the DELETE request, but all other requests operate correctly using the authentication method defined in the connector.

 

Our security type is BASIC authentication for our connector.

 

This feels like a possible security concern, as the credentials passed to the DELETE are not for our application. 

 

@murshed @Amjed-Ayoub 

 

Seeing a 401 response for only the DELETE request:

 

[25/Apr/2022:20:22:44 +0000] "DELETE /webhooks/18 HTTP/1.0" 401 615 "-" "azure-logic-apps/1.0 (workflow d9e2faa860124504aa713d81c66b4d8d; version 08585506906287617235) microsoft-flow/1.0"

 

Here's a sample of the key we're getting:

 

Key eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IktIZlFMRXBEelpLVTEyRFpYWmtIejYxdjRPZyJ9.eyJ0cyI6IjU4ODVm[REDACTED FOR SECURITY]TeQdcoR6vw'

Helpful resources

Announcements
MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

New Process Advisor Capabilities carousel.png

Read the blog for the latest news

Read the latest about new experiences and capabilities in the Power Automate product blog.

PA Survey Carousel Image.png

We want to hear from you!

If you are a small business ISV/Reseller, share your thoughts with our research team.

AI Builder AMA June 7th carousel (up on May 25th, take down June 8th) (1).png

'Ask Microsoft Anything' about AI Builder!

The AI Builder team invite you to ask questions and provide helpful answers at our next AMA.

Top Kudoed Authors
Users online (1,493)