Webhook callback URL not called by Dwolla

nmishra · May 11, 2023, 8:53pm

As a Developer, I am trying to test Dwolla customer-create and expecting (Sandbox) Dwolla to generate event using webhook callback URL, registered using subscription API.

{“_links”:{“self”:{“href”:“https://api-sandbox.dwolla.com/webhook-subscriptions/4091ccd5-d553-4477-b32c-25619630c874",“type”:“application/vnd.dwolla.v1.hal+json”,“resource-type”:“webhook-subscription”},“webhooks”:{“href”:“https://api-sandbox.dwolla.com/webhook-subscriptions/4091ccd5-d553-4477-b32c-25619630c874/webhooks”,“type”:“application/vnd.dwolla.v1.hal+json”,“resource-type”:“webhook”}},“id”:“4091ccd5-d553-4477-b32c-25619630c874”,“url”:“**https://www.sandbox.xpaydite.com/pgws/dwollaResponse**”,“paused”:false,“created”:"2023-05-11T11:40:19.693Z”}

But I cannot see any POST request on callback URL in the apache server logs .

However, when I do the same by dummy POST from a REST client; it shows in Apache http server access logs.

I used REST client to make call following API call:
https://api-sandbox.dwolla.com/webhook-subscriptions/4091ccd5-d553-4477-b32c-25619630c874/webhooks

And can see response:
“id”: “b9dc740d-2a90-4c3c-8519-15f9d73c875e”,
“topic”: “customer_created”,
“accountId”: “xxxxxxxxxx”,
“eventId”: “93bd47d3-c7df-4fe8-8832-6c7beb8b86d9”,
“subscriptionId”: “4091ccd5-d553-4477-b32c-25619630c874”,
“attempts”: [
{
“id”: “2d545c98-f1cc-43e7-ae52-73b884242e4a”,
“request”: {
“timestamp”: “2023-05-11T13:23:21.768Z”,
“url”: “https://www.sandbox.xpaydite.com/pgws/dwollaResponse”,
“headers”: [
{
“name”: “Content-Length”,
“value”: “602”
},
{
“name”: “Content-Type”,
“value”: “application/json”
},
{
“name”: “User-Agent”,
“value”: “dwolla-webhooks/1.1”
},
{
“name”: “X-Dwolla-Topic”,
“value”: “customer_created”
},
{
“name”: “X-Request-Signature-SHA-256”,
“value”: “4d57888e928a0089351d5e208844d345b9987bfb12e8c3afe3f4ebea6e0afd0f”
}
],
“body”: "{"id":"93bd47d3-c7df-4fe8-8832-6c7beb8b86d9","resourceId":"9243e68d-f45a-4c2f-a138-25ed9aeb687b","topic":"customer_created","timestamp":"2023-05-11T13:08:18.777Z","_links":{"self":{"href":"https://api-sandbox.dwolla.com/events/93bd47d3-c7df-4fe8-8832-6c7beb8b86d9\“},\“account\”:{\“href\”:\“https://api-sandbox.dwolla.com/accounts/1e52a23f-fcfb-4aab-9da1-82f9230978af\”},\“resource\”:{\“href\”:\“https://api-sandbox.dwolla.com/customers/9243e68d-f45a-4c2f-a138-25ed9aeb687b\”},\“customer\”:{\“href\”:\“https://api-sandbox.dwolla.com/customers/9243e68d-f45a-4c2f-a138-25ed9aeb687b\”}},\“created\”:\“2023-05-11T13:08:18.777Z\”}”
}
}

Any particular reason Dwolla is not notifying for an event by using callback URL even when webhook subscription not paused?

I have noticed this was unanswered too:

Thanks

shreya · May 12, 2023, 4:23pm

Hi @nmishra – upon checking our webhook logs, it does look like we’re sending webhook request to your server with the URL https://www.sandbox.xpaydite.com/pgws/dwollaResponse. However, we aren’t receiving a 2xx level response acknowledging receipt of the request. It seems to be timing out after not receiving a response within 10 seconds. We then retry the request again up to 7 more times according to this backoff schedule.

I wonder if there’s a firewall blocking external requests like the ones from Dwolla?

nmishra · May 15, 2023, 9:06pm

Thanks for your response Shreya. But no matter what I have tried for, I wouldn’t be receiving the callback from Dwolla.
When I set the callback to a production URL; https://www.xpaydite.com; I do receive callback.
When using beeceptor to intercept callback; I do receive callback
The only difference between production and sandbox is production is behind ALB but sandbox is directly to EC2 and therefore no WAF.

The least I would be expecting is at least a log entry in HTTP Webserver access logs. But that’s not there either.
Could you please check if Dwolla’s WAF is preventing any response callback to ‘www.sandbox’ in particular?

nmishra · May 21, 2023, 8:15pm

Never mind Shreya. I managed to resolve the issue. The problem was around TLS certificate that was my initial guess. But if there are TLS certificate chaining issues; the modern day browsers are quite flexible and compromise on security.
The problem was chaining of certificate. The intermediate ones were missing.
Now I am able to receive the webhook callbacks.

shreya · May 30, 2023, 1:57pm

Hi @nmishra – apologies for not reviewing and responding sooner! Thanks for posting an update. I’m glad you got it working!