question

Jordan Rynard avatar image
Jordan Rynard asked Phong Vu commented

Validation Token is not set on webhook event anymore

I have a subscription set up for a webhook to call a url on the Instant Message event (/restapi/v1.0/account/~/extension/~/message-store/instant?type=SMS).
When I first create the subscription, the webhook URL is called, and I can confirm at this time that a Validation Token is present, and I am able to establish the subscription.
If I check the Subscription list at this point, I see that my subscription/webhook is active.

When I send a text message to my number, the url is being called by the webhook (as expected), but there is no Validation Token present, so obviously I can't validate to continue the process and receive the POST data.

I have had a subscription / webhook active for this event for the last 1.5 years and it has worked without issue, until 7 days ago when it just stopped working. After investigating I was able to figure out the above (no Validation Token is present anymore).

I've tried removing and creating a new subscription, confirmed the permissions in the app in the developer portal, and I've also tried creating a new app in the developer portal.

If anyone might be able to shed some light on this issue that would be very appreciated. I've contacted Ring Central support, but haven't received any response.

webhooks
1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

OK TAXI 101 avatar image OK TAXI 101 commented ·

Hello Jordan, I want to add that since yesterday I'm unable to receive webhooks account presence events, others webhooks subscription works fine. All this is sandbox environment, production webhooks account presence events are working properly.

0 Likes 0 ·
Phong Vu avatar image
Phong Vu answered OK TAXI 101 commented

I just run a quick test and I can confirm that Webhook notification subscription on sandbox works as expected. This means that the validation token is sent and required.

But @OK TAXI 101 is right. The presence event notification is not working right now on sandbox. I will report this to the team to investigate and fix it.

2 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

OK TAXI 101 avatar image OK TAXI 101 commented ·

Thank you @Phong Vu, I hope the team can fix it soon, so we can continue testing.

0 Likes 0 ·
OK TAXI 101 avatar image OK TAXI 101 commented ·

Hello @Phong Vu, news about this?. Still today not receiving presence events using sandbox environment.

0 Likes 0 ·
Jordan Rynard avatar image
Jordan Rynard answered Jordan Rynard commented

Still no resolution on this, and STILL no response from Ring Central.
It was important we got this functional, so here is the solution I implemented for the time being (hopefully it's useful to someone else who encounters the same problem).

Because the callback is still being called by RingCentral on receiving an incoming message, we had to add to our script a pull of the new message /account/~/extension/~/message-store?direction=Inbound&readStatus=Unread&perPage=1 to then access the most recent message and pull the JSON data that way.

It was a lot simpler when we were receiving this information with the callback (after validating with the validation code that we are no longer receiving), but this works in the meantime.

2 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tyler Liu avatar image Tyler Liu ♦ commented ·

Hi @Jordan Rynard as I tested. The very first message to your webhook URL when you try to setup a new subscription, there is a validation-token header. But subsequent messages don't have this header at all.

And we believe it has been like this for very long time, not a recent change.

Why is it a breaking change for you? If there is validation token, you echo it back, otherwise you do not echo.

Or you are talking about verification token instead? Check this article https://medium.com/ringcentral-developers/common-questions-on-webhooks-8dd3550f4525 to learn the differences between validation token and verification token.

0 Likes 0 ·
Jordan Rynard avatar image Jordan Rynard Tyler Liu ♦ commented ·

Hi Tyler, I am referring to the Validation Token (not verification token).
If the validation token is not present I do ignore it. The problem is there is nothing else accompanying this callback, no Validation Token AND no JSON data. Nothing.

0 Likes 0 ·
Tyler Liu avatar image
Tyler Liu answered Phong Vu commented

I confirm that it is an issue in production environment. RingCentral engineers have been noticed and they are working on it.

Next time, if it is urgent, please create a ticket here: https://developers.ringcentral.com/support/create-case

Update: by design, the spec never says that RingCentral provide a validation-token header for every message. We only provide the header for the very first message that when you try to setup the WebHook. If it is not present, you just ignore it.

Please clarify if you still have concerns regarding this.


6 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

OK TAXI 101 avatar image OK TAXI 101 commented ·

I can confirm that today we are receiving the presence events (webhooks) of the account on sandbox environment.

0 Likes 0 ·
Phong Vu avatar image Phong Vu ♦♦ OK TAXI 101 commented ·

Thanks for confirming. I tested and it works normal too.

0 Likes 0 ·
Tyler Liu avatar image Tyler Liu ♦ commented ·

Actually I am not sure that it is recent change. Are you sure that for every notification message, your could receive a validation-token before? Maybe by design it is optional, if it's not present, you simply ignore it.

0 Likes 0 ·
Jordan Rynard avatar image Jordan Rynard Tyler Liu ♦ commented ·

Hi Tyler, I do ignore it. But along with there being no validation token, there is also no JSON data.

0 Likes 0 ·
Jordan Rynard avatar image Jordan Rynard commented ·

I do ignore it. But along with there being no validation token, there is also no JSON data.

0 Likes 0 ·
Phong Vu avatar image Phong Vu ♦♦ Jordan Rynard commented ·

It's an empty post message. Please refer to the answer in this thread for a solution.

0 Likes 0 ·
Jordan Rynard avatar image
Jordan Rynard answered Phong Vu commented

This report is not outdated, and the issue still stands. I suggest you better understand the issue I'm having before reporting this as outdated.

7 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tyler Liu avatar image Tyler Liu ♦ commented ·

I agree that there is still issue. But this issue may not be related to validation-token. So it's kindly misleading. The real issue is you are receiving empty notifications.

0 Likes 0 ·
Jordan Rynard avatar image Jordan Rynard Tyler Liu ♦ commented ·

The API documentation states that there needs to be a Token Validation:

https://developers.ringcentral.com/guide/notifications/webhooks/receiving

"To ensure that the endpoints RingCentral interfaces with via webhooks are designed for RingCentral, "validation tokens" are transmitted amongst the HTTP request headers. It is the expectation of RingCentral that your webhook handler echo back this validation token in the response via an HTTP response header. "

I'm going to assume this is the primary problem, until I see otherwise from documentation provided by RingCentral, as this is the first step in the callback process.

0 Likes 0 ·
Phong Vu avatar image Phong Vu ♦♦ Jordan Rynard commented ·

Unfortunately, the first sentence of that paragraph in dev guide is unclear and misleading.

"To ensure that the endpoints RingCentral interfaces with via webhooks are designed for RingCentral, "validation tokens" are transmitted amongst the HTTP request headers"

This is only for the validation of the Webhook url for the first time and only one time.

The second part is critical and that is exactly the expectation

"It is the expectation of RingCentral that your webhook handler echo back this validation token in the response via an HTTP response header. "

To ECHO back this validation header. So if the request header does not send, then ECHO none. Meaning that don't set the header in the response because the server did not send it in the request header.

I will check with the author to improve the documentation soon.

0 Likes 0 ·
Show more comments
Ganesh Shrestha avatar image
Ganesh Shrestha answered Phong Vu commented

This is occurring in our Prod environment too. I can see that when we register the webhook (subscription) for the first time I can see "Validation-Token" in the header.
1687391736561.png
But, once set up is completed, the RingCentral invokes our prod endpoint without validation-token header.
1687391821638.png

This used to be working just fine few weeks back.

So, should we remove the logic that API's documentation recommends to send the validation-token in a request back in the response? Or what is the fix/workaround.

Thanks


1687391736561.png (29.8 KiB)
1687391821638.png (29.4 KiB)
1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image Phong Vu ♦♦ commented ·

Validation token is sent only once when you create a new subscription. Check out our code sample in the dev guide to implement your webhook notification.

0 Likes 0 ·

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys