Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

Updated by Naglis Jonaitis over 6 years ago

I am trying to integrate the new webhook functionality into a [personal project](https://github.com/naglis/misc-addons/issues/12) (OpenProject -\> Odoo integration).

I would like to verify the integrity and authenticity of the webhook requests, but I do not seem to receive the webhook request body signature HTTP header when the signature secret field is set for the webhook. From reading the related [PR](https://github.com/opf/openproject-webhooks/pull/13/files#diff-b298071a91a2530a8a095eeff6c3fce1R48) it looks like the header should be called `HTTP_X_OP_SIGNATURE`.

I have tested it from a `openproject/community:7.4.7` Docker container.

## Steps to reproduce

1. Generate a webhook testing URL on https://webhook.site/
2. Create a webhook for all projects for work package update events. Point the payload URL to the unique webhook testing URL from step 1. Set the signature secret field to eg. “42”.
3. Update a work package (eg. change status).

## Actual behavior

1. A POST request with the webhook event is received at the webhook payload URL, but without the signature HTTP header (`HTTP_X_OP_SIGNATURE`).

## Expected behavior

1. A POST request with the webhook event is received at the webhook payload URL with the signature HTTP header (`HTTP_X_OP_SIGNATURE`).

## Screenshots

![](edit_webhook.png)
![](webhook_site.png)

Back

Loading...