1. Goal
I want to use parse.com to receive Trello webhook.
1a. Why?: Because I want to monitor my trello model and receive say a push notification on my android device and do neat things from the push notficiation (I'm an Android Dev)
2. What I've tried
2a. Setup on parse.com
I've created an app on parse.com
Obtained the keys (REST keys for the REST api)
Checked the above endpoint with Postman, works perfectly.
2b. Setup on trello.com
I've obtained an api appkey and secret; with full write on all boards, never expires
Tested the above with Postman, works perfectly fine.
PROBLEM: Posted to the following using Postman (of course with proper details for key, token, model, etc.
Request=
$.post("https://trello.com/1/tokens/[USER_TOKEN]/webhooks/?key=[APPLICATION_KEY]", {
description: "My first webhook",
callbackURL: "https://api.parse.com/1/functions/webhookReceiverTrello",
idModel: "4d5ea62fd76aa1136000000c",
});
Response Try=
URL (https://api.parse.com/1/functions/webhookReceiverTrello) did not return 200 status code, got 401
3. What is the problem?
Parse.com expects auth keys, etc as header. AFAIK Trello can NOT DO that.
How do I get a trello webhook to call a parse.com cloud function ?
Use a proxy (a simple web app will do)
This is how I did it:
Receive the webhook on a simple web app and make the necessary post call to parse.com
I used heroku for hosting
I used MeteorJS for the web app
Note: An issue you could encounter:
Trello.com sends calls to webhooks in proper order i.e. a card was created, the same card was updated, etc.
When you receive the webhook and make (proper) post calls, they will be received out of order at parse.com i.e. a card was updated and then it was created. This is just due to the way internet works, if you need an explanation, it's another SO question. ;)
This took me a while to figure out; mentioning so that you don't also spend your time with this.
A Fix: I don't know a simple/efficient way to fix this. Please let me know if you do. One possible solution is to queue all POST calls i.e. make POST call 1 and when a successful callback is gotten do the next one. Trello.com seems to do this in a more quicker fashion, it doesn't seem like they wait for a callback given how quick successive calls are received.
Related
I'm completely new to slack development and I might sound crazy here.
This is what I have noticed. Whenever I use my incoming webhook URL to test messages using postman, it works fine. BUT, when I use it in my app and push the code in github (so it deploys to heroku), the incoming webhook gets removed. Is this something expected and that I missed reading in the documentation?
Ok, got answer to this. Basically, got an email from slack explaining the reason.
We recently discovered a publicly accessible incoming webhook associated with the Journey Alert Bot app installed on your sync.slack.com workspace. This can happen when someone who created or has access to a webhook URL posts it on a public site, such as Github or other code-sharing forums. None of your data is at risk — webhooks can only send messages into Slack and cannot access any data.
I want to utilise Google Meet api, which is used in Hangouts integration for Slack, description follows
TL;DR:
Links such as https://meet.google.com/new?gid=123&gd=qwe987 can be generated, so a modal is shown which can ask user's confirmation and then some request is sent from user's browser (where the Google Meet page is opened) to some endpoint (probably it is determined from gid which seems to be google application id). Is there a way to configure my application to have a webhook, so I can generate these custom links?
There's Google+ Hangouts app for Slack. Here's how it works (after you add the app in your workspace):
you send /hangout command in any Slack channel
slackbot sends an "Only visible to you" message in this channel with a link to start a new hangout. it looks smth like this (I changed data in the link): https://meet.google.com/new?gid=691521906844&gd=THTJ30X6W%7CU01113BD13M%7CD01113BDB5Z%7Csuren%7C%7C1846381238693%7C1%7CB01QFGG5GJF%7CE1MDm4DWcuVa0RbN5ZT9o5KF
when you visit the link, a new meeting is started instantly, and the page shows modal with text "To bring others into this video call, post a link it to your Slack channel" with buttons 'Cancel' and 'Post'.
when you click 'Post', a new message is sent to the Slack channel, where the command was sent. Text is "#Suren Khorenyan has started a Google+ Hangout and would like you to join. Join Hangout." and contains a link to the meet, which was created previously
How can I utilise this integration for another app, like Mattermost (or anything else like Telegram chats via bots)?
As I see, data in the url slightly changes. Probably it's payload for Google Meet to trigger Slack to send a message with link to the channel.
gid seems to be something like google app id
gd seems to be something like google data. If I url-decode it, it becomes THTJ30X6W|U01113BD13M|D01113BDB5Z|suren||1846381238693|1|B01QFGG5GJF|E1MDm4DWcuVa0RbN5ZT9o5KF. This is some kind of payload, separated by pipes (obviously), but I don't know what any part of this means (suren is my username in the Slack workspace, probably this is used for creating an invitation message).
When I click Post, this happens:
a new POST request to https://hooks.slack.com/services/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 is sent with form-data
hangout_id: 1812381238693
hangout_url: https://meet.google.com//abc-iuqx-def
a new message is posted to the Slack channel
Google meet somehow knows where to post back! Is this configured at the Google application (application id is provided via gid)? How can I configure my application for such behaviour? Where can I setup webhook url?
If we breakdown the request, we can see that url contains some parts of the gd payload:
THTJ27X6W - this is the first part of the gd payload
B01ABCD5GJF - last but one
E1MDm4DWcuVa0RbK5ZT9o5KD - the last part of the gd payload
and form-data contains:
hangout_id - this is in the gd payload after my name
hangout_url - obviously, this is the url for the new created meeting
How can I change it for my needs?
I created a new application at Google APIs dashboard (here console.developers.google.com/apis), but can't find any docs for this integration. There's Google+ Hangouts API in API Library, but it says Apps will continue to function until April 25, 2017..
I tried to approach it from another side:
In the API Library there's Google Calendar. I found mattermost-hangout app on GitHub (had to update it a bit, so it works with updated api). Here's how it works:
oauth2 for authorising at google (single account)
it handles POST request, which is meant to be received from Mattermost (triggered by a slash command),
creates a new calendar event using Google Calendar API (with conference),
takes hangouts url from the response and sends a new message in the Mattermost channel with invitation to join the meeting.
But it has some downsides:
you have to use one account to authorise all event creation events (yeah, it can be upgraded to authorise any number of users, but it'll be inconvenient. why to force anyone to provide access to their Google Account, when Google Meet authorisation just happens in browser, we don't need to create events)
account, used for auth, now has events in his calendar. of course, events can be deleted, but it's not the way.
Is there any documentation on utilising gid and gd params?
Generally, I want to find a way to configure a webhook in my app, so when Google Meet finds my application's ID in the gid query param, it looks at the app's config and sends a request to my app (previously configured endpoint (I assume it works this way)).
Of course there's a chance that it's some kind of internal API and it cannot be used by everyone, but I could not find any information on this.
I created a Slack app that sends a series of interactive messages to a channel. In my Slack API dashboard, I see that I can create and remove hooks. Right now the hook url that I have set up in my code is the one for the Slackbot channel.
But the problem is that such a message only gets sent to me.
I want to send the Slackbot messages to Alice in situation A, and to Bob in situation B. Not just to myself, the guy who configured the app.
What's the best way to do this?
I would suggest that you should not use hooks for this. A more sane way to do this right would be via chat.postMessage Web API method which is documented here!
This is because hooks are tied to specific conversations and that approach quickly hits a wall on what it can really achieve, especially messaging different people. Once you start using the web API it's pretty simple. Just ask for the scope during app installation (remember to add that scope in your dashboard), subscribe to the event in your API dashboard and then you are good to go.
Everytime you send a message via that method, Slack will send you a payload which you can use for testing and logging etc.
You can see all the different ways to message programmatically inside Slack here.
I am trying to use a conversation reference to continue a conversation with a user within my node bot server. This conversation, I assume, is trying to be resumed after the last API token received has expired. When I try to call continueConversation which is defined in botFrameworkAdapter.ts in the botbuilder library (note, that this is not within a turn, so no message has been received from Teams since the API key has expired), with my service URL as https://smba.trafficmanager.net/uk/ which is what I have stored in my conversation reference, I get an unauthorized error.
After digging into the botbuilder library, I have narrowed it down to the shouldSetToken method within microsoftAppCredentials.js. It would seem the issue is that https://smba.trafficmanager.net/uk/ is not a trusted host name, and as a result the connector does not attempt to retrieve a new token for use.
I can verify that changing the shouldSetToken method to always return true solves my issue, but what is the correct approach to do this which does not involve altering the library?
I've managed to get around this for now with MicrosoftAppCredentials.trustServiceUrl(serviceUrl). If there is a better approach it'd be great to hear it.
I wanted to verify phone numbers before using them for communication with registred users. However, I am unclear If I'm doing it securely. i.e
Steps I'm taking:
Ask user for phone number
Send SMS verification code
User enters Code
Code verified using SMS Service(Sinch or/Twilio)
correct code triggers callback function(client side) that adds the number to backend Database
Incorrect code does nothing
My concern is step 5. Should I have the success callback function perform the number save on client side or should I trigger some backend(server-side) function that performs the save operation?
So with sinch it works like this, all the steps 1 to 6 is correct on the client.
side,
But step 5/6 is more like this
5 Client enters code and send it to Sinch Backend
- Return to client with Success or Fail (do ui logic)
- Make a callback to your server with status, take action if correct or incorrect.
So the code is never in your possession, injecting the add to database on client side not possible, since you can get Success to the client and then in the client reload you data from your backend that has been updated by the server to server method. Makes sense?
https://www.sinch.com/docs/verification/rest/#howtousetheverificationapis
Twilio developer evangelist here.
I'd definitely do the code verification on the server side and then if that is successful save the number to the database. Any verification and success callbacks on the client side could surely be bypassed by an attacker with knowledge of JavaScript.
Rather than using Twilio directly for this, might I suggest you check out Authy's phone verification API. Authy is part of Twilio, but is more specific to verification and two factor authentication workflows.
I'm not sure what your backend is written in, however there are tutorials for verifying a phone number with Authy on the Twilio site. We have examples in Node, Ruby, Python, .NET, PHP and Java.
I'm not sure if this helps at all. Let me know if you have any other questions.