Not getting a response to create webhook request


#1

Trying to integrate webhooks API and hoping someone can help!

As a first step, I am doing a test POST call to create a webhook to a random URL that isn’t working (but should return a 404). However, I am not seeing any access from Asana in my web server logs. I am visiting my test URL directly from my browser and am seeing the request in my logs so I know for sure that it should be working.

This is the API response from Asana:

{
“errors”: [
{
“message”: “Could not complete activation handshake with target URL. Please ensure that the receiving server is accepting connections and supports SSL”,
“help”: “For more information on API status codes and how to handle them, read the docs on errors: https://asana.com/developers/documentation/getting-started/errors
}
]
}

I am doing a POST request using the Bearer authentication method with these key/pairs:

resource : a valid porject
target : a test URL on my server

Does anyone have any ideas?


Webhook creation dosn't wok
#2

I should clarify:

my target value is something like https://www.example.com/test-asana-webhook-handshake

(https definitely works fine and is a real signed certificate, not self signed)

I am looking in my nginx logs and see no access attempts from Asana servers to this URL. But when I access from my browser I successfully get a request in the server log!


#3

hey @Dustin_Hamilton

when you create the webhook asana will test the route making a POST request at the url you provided.

The handshake token of the request will be in ‘X-Hook-Secret’ header.

The rest webhook requests will be performed when an event happened at your resource in asana and you will see on these requests the ‘X-Hook-Signature’ header.

Let me know if you made it :smiley:


#4

Hey, thanks a lot for replying. I really appreciate it.

I understand that Asana in theory attempts a POST request to the URL I provided. However, Asana is not attempting to access this URL. How do I know? By looking at my nginx logs.


#5

the api response is

Could not complete activation handshake with target URL. Please ensure that the receiving server is accepting connections and supports SSL?

Be sure that your server has an active SSL certificate and your server responds with status 200.

Are you sure that your nginx logs are correct and you don’t get any request from Asana on the defining route?


#6

100% sure that the server is accepting connections and supports SSL. As soon as I visit my test URL from my browser or via curl, I see it immediately. Then, I run the API request via a curl command and get this error and see no log entry on the server side. The 200 response should not matter, there should be a server request logged regardless of the server’s response.

Does the Asana API require some certain kind of SSL encryption? I am using openssl 2048 x509 key


#7

I am not able to help you with that. Maybe @Matt_Bramlage can help.

I’d be glad if you let me know what was the solution and I am here to help you for anything else you may need.


#8

Ok… I saw this thread (see the last few posts) which is probably related:

So maybe it is something to do with the SSL configuration of nginx? Where it’s not compatible with whatever Asana is expecting.


#9

Hi Dustin,

Did you resolve the issue?
Have the same situation :frowning:


#10

I did not. I gave up and just did periodic queries to get the status (every 2 minutes) :frowning: I’m pretty sure it’s something to do with the SSL certificate that I purchased, though. If you look at the thread I linked to, I’m pretty sure that’s the solution.


#11

Thank you for the reply,

I tested three certificates but had the same problem :(. I’m sure that the problem in asana webhooks API.
The magic - there is no information in my logs about asana handshiking requests.


#12

@Matt_Bramlage any ideas pls?


#13

Hi,

I have the same problem. On the certificate “lower price”, the handshake doesn’t work.
With an expensive certificate (Symantec), it does work. I get the Hook secret.

I can’t find the difference beetween the two certificate.

I can’t find how Asana make the difference with a good and a bad certificate.

Regards,


#14

Maybe @johnnygoodnow can help!


#15

Hi @Stephane and others,

Unfortunately, not a lot comes to mind immediately with this specific scenario. One thing I’d recommend is making sure that your server can handle TLS 1.1+ (1.1 or 1.2 as of now) connections, along with 2048 bit certificates or greater (which was mentioned earlier).

I’m looking into our exact verification process to determine which CA bundle it uses and anything else it might do in that process, and will let you all know. Of note is that we have verified on our end that certificates from Let’s Encrypt do work (even though there was some debate on whether this worked over in https://community.asana.com/t/x-hook-secret-only-32-chars/).

Otherwise, we can look into specific webhooks on a case by case basis via a ticket to support, however it does take some time to find the specific webhook to send over exactly what went wrong on our end.


#16

As a follow up:

We also use Node’s included root CA’s for verification, which are listed here in this file: https://github.com/nodejs/node/blob/master/src/node_root_certs.h

It’s of note that while several things can still cause issues outside of this (such as only accepting HTTP 2.0 connections vs 1.0/1.1), hopefully this should help in debugging. Otherwise, I’d recommend a support ticket with a specific webhook where we can diagnose the exact issue (again, I stress patience for this process; it can often be easier with a test app as we only have to look through a few webhooks :slight_smile:).

Hope that helps a bit!