RawBody from Webhook

Hi,

I am looking to ask about adding access to the rawBody of the webhook when a request comes in. I need this in order to verify the signature that gets passed along in the signature.

My main purpose currently is building a Slack app, but I anticipate any public usage of the webhook would require a similar verification.

3 Likes

Welcome to the community @kdjrha! Thanks for reaching out. :slightly_smiling_face:

I'll reach out internally in order to document this particular request and follow up here as soon as I have news to share.

Hello, is there any update about this request? I think it is vital for integrating Slack with URL requests.

Hey @dda - I don't think it's been prioritized just yet, but I'll give the corresponding ticket a bump on your behalf and let you know as soon as there's been some movement.

I did build out something similar for a Discord app recently, but resorted to spinning up a basic Express server for handling the verification.

Kinda defeats the purpose of Workflows by having a middleman...

The input/output of workflows needs some work, since this issue also came up when I was trying to play with Asana, since they expect the secret to be set in the response header.

1 Like

I don't disagree, but it's ideally just a stopgap solution. I'm happy to share any additional feedback with the Workflows team!

This same issue happens trying to validate Stripe Webhook signatures. If we want to be completely sure that a request is sent by Stripe, we need to validate using the raw body.

1 Like

Ran into the same problem trying to validate a webhook signature from Xero (Configuring your server — Xero Developer). Now I have to implement "something" outside of Retool Workflows.

1 Like

Thanks for the bumps, y'all! The additional context is super helpful.

For anybody running an on-prem deployment, we recently defined an environment variable that is capable of enabling this. By setting WORKFLOWS_WEBHOOKS_INCLUDE_RAW_PAYLOAD to true, you can access the raw request body as startTrigger.metadata.rawDataBase64. This should be available on the 3.196 release.

Note that this functionality does not currently exist for cloud instances, as we are evaluating the potential impact on our infrastructure, but I'll provide another update as soon as I can. :+1:

2 Likes
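
An added example, not from the thread and not Retool's or Slack's own code: checking a Slack request signature against the base64 raw body mentioned in the post above, using Slack's v0 scheme (HMAC-SHA256 over v0:timestamp:body). The function names, the shape of the headers object and all sample values are assumptions made for the demo.

```javascript
const crypto = require("crypto");

// Slack's documentation suggests rejecting requests more than five minutes old.
const MAX_SKEW_SECONDS = 60 * 5;

// rawDataBase64: the value exposed as startTrigger.metadata.rawDataBase64.
// headers: plain object with lower-cased header names (assumed shape).
// signingSecret: the Slack app's signing secret.
function verifySlackSignature(rawDataBase64, headers, signingSecret,
                              nowSeconds = Math.floor(Date.now() / 1000)) {
  const timestamp = headers["x-slack-request-timestamp"] || "";
  const received = headers["x-slack-signature"] || "";
  // Reject malformed input before any crypto; this also fixes the length
  // of `received`, which timingSafeEqual requires to match `expected`.
  if (!/^\d+$/.test(timestamp) || !/^v0=[0-9a-f]{64}$/.test(received)) return false;
  // Replay window: a captured request stops verifying once it is stale.
  if (Math.abs(nowSeconds - Number(timestamp)) > MAX_SKEW_SECONDS) return false;

  // Decode to the exact bytes that were signed; never re-serialize parsed JSON.
  const rawBody = Buffer.from(rawDataBase64, "base64");
  const expected = "v0=" + crypto.createHmac("sha256", signingSecret)
    .update(`v0:${timestamp}:`).update(rawBody).digest("hex");
  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(received));
}

// Constructed sample request: secret, timestamp and body are made up.
function demo() {
  const secret = "constructed-signing-secret";
  const ts = "1700000000";
  const body = '{"type":"event_callback",  "event":{"text":"caf\u00e9"}}';
  const signature = "v0=" + crypto.createHmac("sha256", secret)
    .update(`v0:${ts}:${body}`).digest("hex");
  const headers = { "x-slack-request-timestamp": ts, "x-slack-signature": signature };
  const b64 = (s) => Buffer.from(s, "utf8").toString("base64");
  const now = 1700000030; // 30 seconds after the request was signed
  return {
    // Raw bytes as received: verifies.
    rawBody: verifySlackSignature(b64(body), headers, secret, now),
    // Parsed then re-stringified: whitespace differs, so the HMAC differs.
    reserialized: verifySlackSignature(
      b64(JSON.stringify(JSON.parse(body))), headers, secret, now),
    // Same valid signature replayed an hour later: rejected.
    stale: verifySlackSignature(b64(body), headers, secret, now + 3600),
  };
}

console.log(demo());
```

The reserialized case is the reason the thread asks for the raw body: a signature computed over the sender's bytes cannot be checked against JSON that has been parsed and written out again.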

Is there any update for the cloud instances? Is the rawData available?

Hi @Anze_Savli,

No update on the ticket. I did see that the ticket's status is 'ready for work', which means it should hopefully be getting assigned to an engineer soon.

From Darren's comment above, it seems that self-hosted users are able to toggle the mentioned variable to get the raw data payload. If you are on cloud, then this will not be possible until the ticket is completed.