cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to add Webhook URL which is parameterised or query string

I am unable to add webhook which is parameterised or is a query string for example

 

https:\\fromauthorizenet.ashx?type=hook does not work. 

 

 

Reason for above requirement is

I have mentioned return URL, cancel URL in GetAnAcceptPaymentHostedPage as mentioned below respectively

 

Return URL: https:\\https:\\fromauthorizenet.ashx?type=return

Cancel URL: https:\\https:\\fromauthorizenet.ashx?type=cancel

 

 

In all the 3 cases I want my handler to route or do a business logic depending on the given type parameter. This is working fine in the setting for return and cancel URL however webhook is not helping me much in this case. 

 

 

Any thoughts or ideas would be of great help.

mvkotekar1983
Contributor
7 REPLIES 7
This one I probably can’t answer but just curious- I am guessing that you want to route for the cancel and receipt url and do logic for the Webhook?

I am not versed in this at all. Is it possible to have the logic executed based on the presence of a header rather than parameters? If so, you could check for the presence of the X-Anet header, as only Webhooks will have that header.

In php, the type of exercise you are describing is straightforward because you just write scripts that essentially boss around the server and tell it exactly what to do. So my endpoint has no parameters in the url, it just has a bunch of these “boss around” scripts that execute all the actions and logic I need it to.
Renaissance
All Star

Thank you, I would like to make the changes as you suggested. However, it would have been great if webhook allowed parameterized url. Since we are only defining what we want in the sandbox. 

 

Thanks for the clarification.

Sure thing. Go back to my post from when we began this and also the references on the developer site here for information about validating the webook. It is always possible that a malicious user could hit your endpoint with a header named X-Anet, but it’s not remotely possible for them to hit it with the properly hashed value associated with that header. It sounds like your .net/C# has many of the same script writing and server side “bossing around” as php or any other server side language. The only thing I knew about it was that http requests are handled differently, and that sounds like what you’re describing. I think it is best to default to script writing not based on any url parameters for Webhooks, even if authorize gave you that option. The reason is that you can be reasonably sure that someone clicking the continue button to go to the receipt page is a trustable user, because they’ve made it through all of your security protections on your app and also entered valid CC info on the orders page. Webhooks are different in that anyone on earth could try to hit your endpoint, as well as the many thousands of automated bots that launch attacks nonstop wherever they can.

So in my view better to leave it all up to non parametrized scripts and frisk the info being sent to you before you allow it to do anything with your application.

Hi mvkotekar1983

 

It looks as though you are already getting some excellent collaboration on this question, but I can confirm that parameterized URLs are not permitted for use. 

 

Thank you,

Elaine

ElaineM
Moderator Moderator
Moderator

HI,

 

    I figured we can add parameter as a html fragment (#parameter). The Webhooks edit screen has no complaints. The web server should see url's with different hashes as same URL. Problem solved.

 

    Will this work?  

 

Thanks & Regards

Pilla Gurumurty Patrudu 

pgpatrudu
Member

Hi,

 

     I figured, we could add html fragments (#parameter), after the URL. The edit option of webhooks did not complain. The wb server sees two hashes as the same URL. Problem solved.

 

    Will this work?

 

Thanks & Regards

Pilla Gurumurty Patrudu 

 

pgpatrudu
Member

Hi,

 

     I figured, we could add html fragments (#parameter), after the URL. The edit option of webhooks did not complain. The wb server sees two hashes as the same URL. Problem solved.

 

    Will this work?

 

Thanks & Regards

Pilla Gurumurty Patrudu 

 

pgpatrudu
Member