Webhook not working on my end

Hi @DanDrix,

Something like httpstatus.io or just checking your URL in a browser isn't a sufficient test. That will test that your server is up and able to respond to a GET request at that URL. However, a Webhooks notification is an HTTP POST to that URL.

Our server attempts to post to that URL using a content-type of application/json and a body containing the JSON object with all of the notification info. If you don't have that URL set up to accept a POST, it won't work.

I verified from my end that I get no response when I connect to that URL and do a POST like the Webhooks system. If I just do a regular form post to that URL (like with application/x-www-form-urlencoded), that works, but to try to post some JSON data with a content-type of application/json fails. You'll need to adjust things on your end to be able to recognize that content-type and pass the notification object into your code.

Wait, it's working now when I test it. I don't know if you were changing things as I was typing, but I get a 200 response now. You should get a succesful response from the pings command now.

My site allows POST with json, I tested with postman and returns code 200.

I didn't change anything
But I still get code 500 when i am trying to ping

I believe I figured.

I did some tests and secure url (https://) was return error code 500 when I was trying to ping.

But  with non-secure url (http://) it works as expected.

And my website auto redirect to https.

My server accepts HTTP POST and it's working with postman (app to test HTTP requests) and  the website www.hurl.it

Yeah, you're right. There's something funny going on. 

Using requestb.in, I can see what headers come in a notification request, and then I create a curl command using those same headers:

curl -v -X POST -H "Accept:" -H "User-Agent:" -H "Accept-Encoding: gzip" -H "Content-Length: 209" -H "Expect: 100-continue" -H "X-Anet-Signature: sha512=38546842C5CE9A54DAB16B66FE7F501E45A0CB9144E5BB568017643901BD71205B44484B4C26E739FD5A87C28E5E5A483D0929FD461A3AAC4F84879AB388CE4E" -H "Content-Type: application/json" -d '{"notificationId":"1947e7d0-4fb6-403d-913c-5ee33c4ab10f","eventDate":"2017-03-14T15:41:01.9004341Z","webhookId":"ce6d9f1f-16ea-43b0-b212-52238af7986a","payload":["net.authorize.customer.subscription.created"]}' "https://docbotdev.short-save.com/webhooks/authorizenet"

If I run that from my machine, I get a 200 response from your server. But, the Webhooks "pings" command, which should be doing the same thing, is reporting an error. I've got to look into this deeper on our end, but first, any more information you can give?

Is there any firewall setup on your end that might be blocking the incoming requests from our IPs? Any way for you to check a firewall or router log to see if any traffic from our IPs are even hitting your network at the correct times?

Sorry, I missed your last post while I was typing my reply.

If you register your URL as http for a webhook, the pings command will still fail because of the redirect you have in place. We'll try to send the notification to the http URL, and your server will respond with a "302" instead of a "200". Instead of doing a new request, we just report an error since we didn't receive a "200" response.

So, if you wanted to use the http URL, you'd need to not redirect.

However, I think you'd prefer to use the https url, and I still don't know why that won't work. If you hit it directly there's no redirect to confuse things, so why can I post the same data from curl or postman, but when the Webhooks system posts it it fails?

Do you have any log on your side of a connection from our Webhooks system and what exactly it's posting to you?

So, I register the URL with https to avoid redirects.

But I am seeing the http:// works but https:// doesn't 

https://docbotdev.short-save.com/test-dan123.php (secure URL, it doesn't work)
http://sandbox.short-save.com/test-dan123.php      (non-secure URL, it works )
https://secure.short-save.com/test-dan123.php       (secure URL, it doesn't work)

all the links are in the same enviroment. 

So, I don't think it's some kind of firewall.

I believe it's something related to the SSL
because your server have to have a SSL certificate as well to communicate with mine.

I have a similar issue.

I have several custom wordpress endpoints https://devjesse.gettveverywhere.com/wp-json/authorizenet/

However, if i setup an inactive webhook on authorizenet and use the online test webhook button i receive the following error: 

Error: The ping operation failed. This could be due to connectivity issues, invalid url or server downtime. Check the url details for the webhook and try again.

Using a php curl script i can get the current webhooks:

[
  {
    "_links": {
      "self": {
        "href": "/rest/v1/webhooks/b8f7a92b-3d14-45d0-897f-95271faaf44b"
      }
    },
    "webhookId": "b8f7a92b-3d14-45d0-897f-95271faaf44b",
    "name": "dev_sub",
    "status": "inactive",
    "url": "https://devjesse.gettveverywhere.com/wp-json/authorizenet/subscription",
    "eventTypes": [
      "net.authorize.customer.subscription.updated",
      "net.authorize.customer.subscription.created",
      "net.authorize.customer.subscription.expiring",
      "net.authorize.customer.subscription.suspended",
      "net.authorize.customer.subscription.cancelled",
      "net.authorize.customer.subscription.terminated"
    ]
  }
]

and when calling the ping with my php curl script:

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://apitest.authorize.net/rest/v1/webhooks/b8f7a92b-3d14-45d0-897f-95271faaf44b/pings');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Authorization: Basic ' . base64_encode(API_LOGIN_ID . ':' . TRANSACTION_KEY),
    'Content-Type: application/json'
));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, '');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);

curl_close($ch);

echo $response;

i receive the following error:

{
  "status": 500,
  "reason": "PING_FAILED",
  "message": "The ping operation failed. This could be due to connectivity issues, invalid url or server downtime. Check the url details for the webhook and try again.",
  "correlationId": "5003a88f-4a1f-4c77-b374-84bdc1256082"
}

I am unsure why authorizenet webhook is failing here. The endpoint works if i use my own php curl script with a copy of the notification info:

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'http://devjesse.gettveverywhere.com/wp-json/authorizenet/customer');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'Content-Length: 410',
    'X-Opnet-Transaction-Trace: 676a6e12-d5d2-4f72-b14f-fac44a714d87-15432-570877 Expect 100-continue',
    'X-Anet-Signature: sha512=5860384727AC755D0AAFB387EB775F1436C409E2F2BF38C6ED08717399A23FB1275A2363DC16A35A89E5541DBB3CED599A515A2165AA02EFB54596BD920ECA93'
));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, '{"notificationId":"365a8c21-088e-4303-a11a-6d3d827cc9a4","eventType":"net.authorize.customer.created","eventDate":"2019-07-02T16:27:41.5972635Z","webhookId":"5be521cb-5805-4b25-9952-1fb661c70e71","payload":{"paymentProfiles":[{"customerType":"individual","id":"1507794447"}],"merchantCustomerId":"2200","description":"Profile created by Subscription: 5869582","entityName":"customerProfile","id":"1508341513"}}');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);

curl_close($ch);

echo $response;

Any solutions to these? I'm having similar issues.