Chilkat Online Tools

PowerBuilder / New FreshBooks / Verify Webhook Callback

Back to Collection Items

integer li_rc
oleobject loo_Http
integer li_Success
oleobject loo_Json
oleobject loo_SbRequestBody
oleobject loo_Resp

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

loo_Http = create oleobject
// Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0
li_rc = loo_Http.ConnectToNewObject("Chilkat.Http")
if li_rc < 0 then
    destroy loo_Http
    MessageBox("Error","Connecting to COM object failed")
    return
end if

// Use this online tool to generate code from sample JSON: Generate Code to Create JSON

// The following JSON is sent in the request body.

// {
//   "callback": {
//     "callback_id": 123,
//     "verifier": "{{verifier}}"
//   }
// }

loo_Json = create oleobject
// Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
li_rc = loo_Json.ConnectToNewObject("Chilkat.JsonObject")

loo_Json.UpdateInt("callback.callback_id",123)
loo_Json.UpdateString("callback.verifier","{{verifier}}")

// Adds the "Authorization: Bearer <access_token>" header.
loo_Http.AuthToken = "<access_token>"
loo_Http.SetRequestHeader("Content-Type","application/json")

loo_SbRequestBody = create oleobject
// Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
li_rc = loo_SbRequestBody.ConnectToNewObject("Chilkat.StringBuilder")

loo_Json.EmitSb(loo_SbRequestBody)

loo_Resp = loo_Http.PTextSb("PUT","https://api.freshbooks.com/events/account/{{accountId}}/events/callbacks/{{callbackId}}",loo_SbRequestBody,"utf-8","application/json",0,0)
if loo_Http.LastMethodSuccess = 0 then
    Write-Debug loo_Http.LastErrorText
    destroy loo_Http
    destroy loo_Json
    destroy loo_SbRequestBody
    return
end if

Write-Debug string(loo_Resp.StatusCode)
Write-Debug loo_Resp.BodyStr
destroy loo_Resp


destroy loo_Http
destroy loo_Json
destroy loo_SbRequestBody

Curl Command

curl -X PUT
	-H "Authorization: Bearer <access_token>"
	-H "Content-Type: application/json"
	-d '{
    "callback": {
        "callback_id": {{callbackId}},
        "verifier": "{{verifier}}"
    }
}'
https://api.freshbooks.com/events/account/{{accountId}}/events/callbacks/{{callbackId}}

Postman Collection Item JSON

{
  "name": "Verify Webhook Callback",
  "request": {
    "method": "PUT",
    "header": [
      {
        "key": "Content-Type",
        "name": "Content-Type",
        "value": "application/json",
        "type": "text"
      }
    ],
    "body": {
      "mode": "raw",
      "raw": "{\n    \"callback\": {\n        \"callback_id\": {{callbackId}},\n        \"verifier\": \"{{verifier}}\"\n    }\n}"
    },
    "url": {
      "raw": "https://api.freshbooks.com/events/account/{{accountId}}/events/callbacks/{{callbackId}}",
      "protocol": "https",
      "host": [
        "api",
        "freshbooks",
        "com"
      ],
      "path": [
        "events",
        "account",
        "{{accountId}}",
        "events",
        "callbacks",
        "{{callbackId}}"
      ]
    },
    "description": "## Verifying Webhooks\n\nEach Webhook sent by FreshBooks includes a header, X-FreshBooks-Hmac-SHA256, with a base64-encoded signature generated using with the data sent in the request and token originally sent in the web hook verification process as a secret.\n\nWhen you receive the webhook, you can verify that it came from FreshBooks by computing the signature and comparing it against the header.\n\nWhen generating your cryptographic hash function, you will have two inputs. \n\n1. Your string input will be the response parameters which you will need to enter as a JSON String. \n\ni.e. `message = '{\"name\": \"client.update\", \"object_id\": \"177864\", \"user_id\": \"1\", \"account_id\": \"K1pdgJ\"}'` \n\n2. Your verifier (or 'secret') is sent as a response from your initial webhook registration. \n\nIt is also important that you maintain spaces between all colons and commas.  \n\nYou will also need to make sure that your verifier is a base64 encoded string. \n\nHere is an example script in Python: \n\n\n```\nimport base64\nimport hmac\nimport hashlib\n\nverifier = \"UWQfd9zCzxmVwFZWKqqKwLxqz8gvzGdAn\"\nmessage = '{\"name\": \"client.update\", \"object_id\": \"177864\", \"user_id\": \"1\", \"account_id\": \"FrEsHb\"}'\ndig = hmac.new(\n    verifier,\n    msg=message,\n    digestmod=hashlib.sha256\n).digest()\nprint(base64.b64encode(dig).decode())\n``` \nand an example in Node.js:\n\n\n```\nconst crypto = require('crypto')\nconst utf8 = require('utf8');\n\nconst hmac = hmac256(utf8.encode('{\"name\": \"client.update\", \"object_id\": \"177864\", \"user_id\": \"1\", \"account_id\": \"FrEsHb\"}'),\n\n  Buffer.from(utf8.encode('UWQfd9zCzxmVwFZWKqqKwLxqz8gvzGdAn')),\n\n  'base64')\n\nconsole.log(hmac)\n\n\n\nfunction hmac256(data, authKey, encoding) {\n\n  const x = crypto.createHmac('sha256', authKey)\n  x.update(data)\n  return x.digest(encoding)\n}\n```\n"
  },
  "response": [
  ]
}