Webhook Request validation fails

I’m having trouble with request webhook validation using a GET request to https://app.snipcart.com/api/requestvalidation/{token}. Not only does it fail from my webhook endpoint, it doesn’t even validate a X-Snipcart-RequestToken token as shown in the webhooks logs when I use my browser or CURL to hit url. I get a HTTP 401 error, even though the token is clearly the correct one.

I’m running within the test environment, but I think it should be working nonetheless.

Hey @FabienF,

Did you generate a secret API key in the dashboard and used it to make the request? I’m pretty sure this is why you get a 401 response.

Please refer to the Authentication section of our documentation that explains how you can use the secret API key to query our API.

Hey @charles thanks! - I guess that’s the issue then.

Will try in a bit. Somehow I did not anticipate this GET request to require authentication, because it was more of a handshake.

I reckon the following should work then? I’m using Axios:

export async function validateSnipcartToken(token) {
  const url = `https://app.snipcart.com/api/requestvalidation/${token}`;
  try {
    const response = await axios.get(url, {
      auth: {
        username: SNIPCART_SECRET_KEY,
        password: '',
      },
    });
    return token === response?.data?.token;
  } catch (e) {
    return false;
  }
}

Yes @FabienF, that should work. Make sure it’s executed on a server and not on the front-end though. It’s important not to leak your secret API keys.

Sure thing, this is only called through an /api route in NextJS, so it should be safe.

1 Like