Webhook Listener HTTP Request Header Mapping

Integrator.io
, , , ,
1
I'm new to Celigo and I'm having an issue trying to map data from a webhook listener's HTTP request headers. Some of the data that I need access to only exists in the request headers, not the body data. I'm not sure how I can gain access to the header data in the mapping page in order to map specific headers to the import destination.
To give an example of what I'm trying to do here. I have custom webhooks set up in Shopify which send custom notifications to Slack via a custom Celigo workflow. Everything works fine except for the headers mapping. We have a few Shopify stores set up, however, the shop domain only exists in the headers under the 'x-shopify-shop-domain' key, so I currently cannot display what shop the notification is from. When the Slack notification is sent, I'd like to grab the shop domain and pass it along to the Slack import destination, along with some other information from the request headers as well.
I'm sure that there is something very simple that I'm overlooking in order to get this done. If anyone has any insight into this, it would be greatly appreciated. Thanks.
2

We currently do not provide any mechanism to access the HTTP headers sent to a webhook listener, but I will pass this along as an enhancement request to the product management team. This enhancement will be somewhat tricky to design and implement securely, because HTTP headers often contain security sensitive information. Some webhook providers like Shopify are really secure and use HMAC auth, but many other webhook providers are less secure, and we dont want integrator.io to be responsible for accidentally logging API tokens, passwords, etc... in clear text anywhere in the product. For example in flow error retry data, webhook listener debug logs, etc...

As a work around, would it be possible for you to create a separate webhook listener bubble for each Shopify store (and of course do the matching config in Shopify to have a separate webhook for each store), and then you can use a preSavePage hook attached to each bubble in your flow to add the extra store info to the data payloads? Hopefully this pic will help illustrate what I am trying to describe.

5301043caa20740200000001-c364814b9a1b4a83b216641f32b712f8.png
5301043caa20740200000001-c364814b9a1b4a83b216641f32b712f8.png2116×1253 156 KB

3

Thanks for the prompt reply Scott. I see the workaround that you are doing here which makes sense. It's more things to code into the flow, but it does make sense. My only issue is that some companies provide needed data within their HTTP headers only and don't send it in the body data.

In regards to the header security, I completely understand where you're coming from. From my perspective, the security risk should solely fall onto the responsibility of the user creating the mapping. If you are mapping HMAC tokens or other sensitive data, then you should be responsible if that data gets logged or whatnot, kind of like data privacy policies in regards to PII data. But if you're mapping other header data that's not sensitive such as the Shopify store domain to pass along downstream, this should be allowed. Just my 2 cents on the issue.

It would be a great enhancement if the team would be able to add this feature in the future. Thanks for your workaround above. Celigo has been great so far!

1 Like