SQL Server / New FreshBooks / Verify Webhook Callback
Back to Collection Items
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
DECLARE @iTmp0 int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
-- This example assumes the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @http int
-- Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
DECLARE @success int
-- Use this online tool to generate code from sample JSON: Generate Code to Create JSON
-- The following JSON is sent in the request body.
-- {
-- "callback": {
-- "callback_id": 123,
-- "verifier": "{{verifier}}"
-- }
-- }
DECLARE @json int
-- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT
EXEC sp_OAMethod @json, 'UpdateInt', @success OUT, 'callback.callback_id', 123
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callback.verifier', '{{verifier}}'
-- Adds the "Authorization: Bearer <access_token>" header.
EXEC sp_OASetProperty @http, 'AuthToken', '<access_token>'
EXEC sp_OAMethod @http, 'SetRequestHeader', NULL, 'Content-Type', 'application/json'
DECLARE @sbRequestBody int
-- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbRequestBody OUT
EXEC sp_OAMethod @json, 'EmitSb', @success OUT, @sbRequestBody
DECLARE @resp int
EXEC sp_OAMethod @http, 'PTextSb', @resp OUT, 'PUT', 'https://api.freshbooks.com/events/account/{{accountId}}/events/callbacks/{{callbackId}}', @sbRequestBody, 'utf-8', 'application/json', 0, 0
EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT
IF @iTmp0 = 0
BEGIN
EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @sbRequestBody
RETURN
END
EXEC sp_OAGetProperty @resp, 'StatusCode', @iTmp0 OUT
PRINT @iTmp0
EXEC sp_OAGetProperty @resp, 'BodyStr', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @resp
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @sbRequestBody
END
GO
Curl Command
curl -X PUT
-H "Authorization: Bearer <access_token>"
-H "Content-Type: application/json"
-d '{
"callback": {
"callback_id": {{callbackId}},
"verifier": "{{verifier}}"
}
}'
https://api.freshbooks.com/events/account/{{accountId}}/events/callbacks/{{callbackId}}
Postman Collection Item JSON
{
"name": "Verify Webhook Callback",
"request": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"name": "Content-Type",
"value": "application/json",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"callback\": {\n \"callback_id\": {{callbackId}},\n \"verifier\": \"{{verifier}}\"\n }\n}"
},
"url": {
"raw": "https://api.freshbooks.com/events/account/{{accountId}}/events/callbacks/{{callbackId}}",
"protocol": "https",
"host": [
"api",
"freshbooks",
"com"
],
"path": [
"events",
"account",
"{{accountId}}",
"events",
"callbacks",
"{{callbackId}}"
]
},
"description": "## Verifying Webhooks\n\nEach Webhook sent by FreshBooks includes a header, X-FreshBooks-Hmac-SHA256, with a base64-encoded signature generated using with the data sent in the request and token originally sent in the web hook verification process as a secret.\n\nWhen you receive the webhook, you can verify that it came from FreshBooks by computing the signature and comparing it against the header.\n\nWhen generating your cryptographic hash function, you will have two inputs. \n\n1. Your string input will be the response parameters which you will need to enter as a JSON String. \n\ni.e. `message = '{\"name\": \"client.update\", \"object_id\": \"177864\", \"user_id\": \"1\", \"account_id\": \"K1pdgJ\"}'` \n\n2. Your verifier (or 'secret') is sent as a response from your initial webhook registration. \n\nIt is also important that you maintain spaces between all colons and commas. \n\nYou will also need to make sure that your verifier is a base64 encoded string. \n\nHere is an example script in Python: \n\n\n```\nimport base64\nimport hmac\nimport hashlib\n\nverifier = \"UWQfd9zCzxmVwFZWKqqKwLxqz8gvzGdAn\"\nmessage = '{\"name\": \"client.update\", \"object_id\": \"177864\", \"user_id\": \"1\", \"account_id\": \"FrEsHb\"}'\ndig = hmac.new(\n verifier,\n msg=message,\n digestmod=hashlib.sha256\n).digest()\nprint(base64.b64encode(dig).decode())\n``` \nand an example in Node.js:\n\n\n```\nconst crypto = require('crypto')\nconst utf8 = require('utf8');\n\nconst hmac = hmac256(utf8.encode('{\"name\": \"client.update\", \"object_id\": \"177864\", \"user_id\": \"1\", \"account_id\": \"FrEsHb\"}'),\n\n Buffer.from(utf8.encode('UWQfd9zCzxmVwFZWKqqKwLxqz8gvzGdAn')),\n\n 'base64')\n\nconsole.log(hmac)\n\n\n\nfunction hmac256(data, authKey, encoding) {\n\n const x = crypto.createHmac('sha256', authKey)\n x.update(data)\n return x.digest(encoding)\n}\n```\n"
},
"response": [
]
}
