Custom Trigger tutorial wrong?

xap5xap · July 16, 2020, 1:06pm

I was following all the steps in the “Build Custom Triggers” tutorial: https://monday.com/developers/apps/custom-trigger.

I followed all the steps in that tutorial, but in the “Call an action” part, it says to do a POST request to the subscriptionURL that is returned from the subscription for example in my case it would be:

https://api-gw.monday.com/automations/apps-events/[a_number]

However, I am getting a 401 unauthorized on that endpoint. The tutorial does not say to add an authorization header.

If I add an authorization token to the header, the same error shows.

How does that subscription endpoint should be called?

rob · July 15, 2020, 4:11pm

Hey @xap5xap.
AFAIK endpoints should be on your own server where you perform the OAuth process, not on monday.com one.
Or am I missing something?

xap5xap · July 15, 2020, 4:39pm

Hi @rob thanks for replying. The documentation says that you need 2 endpoints: 1 for subscribing and one for unsubscribing.
When the user adds your recipe, it will call your subscript endpoint. With some parameters one of them is the subscriptionUrl. (however, in reality it returns a webhookUrl, I think the documentation is incorrect.)

When something happens in your platform, the documentation says that you have to call that webhookUrl. But, it always returns a 401unauthorized. I am sending the auth other, but it is always returning a 401 unauthorized.

Now, that’s what I understand from the documentation, but I am not sure what I am doing wrong, or if the documentation is wrong, since I am a newbie in monday app dev platform

dipro · July 15, 2020, 4:53pm

Hey @xap5xap! Can you share the snippet of code that calls the webhook URL? (please remove any auth tokens or signing secrets).

Would love to see how you’re structuring your request so we can troubleshoot.

xap5xap · July 15, 2020, 6:39pm

Hi @dipro, I am just using postman to test.
In postman I do a POST request to the webhookURL.
The documentation doesn’t say to add an authentication token on that call.
The response says 401 unauthorized

Attached is the postman image

dipro · July 15, 2020, 6:52pm

Hey! Let me check with the team and I’ll get back to you.

dipro · July 16, 2020, 1:06pm

Hey @xap5xap – you need to add your app’s shared secret to the Authorization header.

This is how you get your app’s shared secret:

Can you try it and let me know if that helps?

xap5xap · July 16, 2020, 8:35pm

Hi @dipro, thanks for replying. Could you please explain more? To the Authorization header do you mean as a key value pair? If so, what is the key name to send the client secret?**

xap5xap · July 17, 2020, 4:05pm

Hi @dipro, can you please help me with this? I am trying to create an app for the challenge, but the custom trigger tutorial doesn’t say anything about sending a secret. Can you guys please update the tutorial?

Helen · July 21, 2020, 5:51pm

Hi @xap5xap,

I believe you will need to enter the authorization token in Postman here:

Is this what you’re looking for?

mitchell.hudson · July 21, 2020, 11:46pm

Hi @Helen and @xap5xap,

I believe the type should also be ‘basic auth’ for postman in this case.

dipro · July 28, 2020, 12:59pm

Hey everyone, wanted to close the loop on this.

Last week we did indeed find an error in our documentation about custom triggers and fixed it. Specifically, the documentation had the wrong JSON response body and did not include any information about authorization.

Here’s the section we updated, if you’re interested:

basdebruin · July 30, 2020, 6:45pm

Hi @dipro, @xap5xap

As Xavier is stating correctly there is another glitch in the documentation as it says that the subscriptionUrl is passed in the subscribe request, it is actually called webhookUrl.

The other question Xavier is asking (an now also from myself ) is where / how to put the client secret in the authorization header. Is that as a key / value pair?

basdebruin · July 30, 2020, 9:09pm

From the last webinair I understand to put the client secret as API key. Unfortunately it still throws a 401

dipro · July 30, 2020, 9:51pm

Hey @basdebruin – good catch; I just updated the docs.

For the header, can you make sure you’re using the Signing Secret (not client secret)?

basdebruin · July 30, 2020, 10:35pm

Hi @dipro

That really helps (using the signing secret in stead of client secret). Works on Postman, next step is to figure out how to do this in code.

A little puzzled whether to include the values of the output fields in the body of the request. Aren’t those values passed from the custom trigger?

dipro · July 31, 2020, 2:57pm

You should include the output field values in the body of the request. Your request represents the custom trigger being invoked, and the trigger’s output fields will be passed through the recipe to the action, as input fields.

Does that make sense?

basdebruin · July 31, 2020, 4:44pm

Makes sense, I was just wondering what the purpose of the trigger output fields are. Can I only supply values to the action part (from my backend) that are defined in the output fields of the trigger?

dipro · July 31, 2020, 5:57pm

The trigger output fields supply data about the actual trigger. If your trigger was invoked when a lead was created in your CRM, you might include data about the lead (lead name, ID, phone number, favourite color).

You can also supply values to the action based on the recipe context and the recipe sentence (like in the quickstart guide).