https://www.growthbook.io/ logo
#ask-questions
Title
# ask-questions
s

silly-garage-55753

03/21/2024, 11:38 AM
Hey! My team was using the Event Webhooks, but after March 7th (around the v2.8 release) it stopped being fired when our features were updated (image 1). Is this a known issue? Also, I saw that Webhooks for SDK Connections was introduced (image2), does that mean we need to migrate our existing webhooks from
Settings > Webhooks
to
SDK Connections > SDK Webhooks
?
f

fancy-addition-87107

03/26/2024, 2:31 PM
Hello, everyone! I Would love to follow up on this one. Does anyone have some feedback?
fyi @better-dress-85975
e

enough-camera-24490

03/26/2024, 4:14 PM
What is the deal with this breaking?
b

better-dress-85975

03/27/2024, 10:22 AM
We relay on this functionality to get all GB feature updates and since we stoped receiving it then we are unable to create, update or delete features. Instead we need to get the payload form the logs and trigger them by ourselves. Is this functionality deprecated and not working anymore?? We need to implement SDK Webhooks to get same functionality?
b

boundless-waiter-96587

03/28/2024, 5:51 AM
Yeah having the same issue. Would love to get a definitive answer.
b

better-dress-85975

03/28/2024, 1:34 PM
Yes it would be nice to know that so we can allocate effort to update to the new "way" that is still unclear to me.
e

enough-camera-24490

03/28/2024, 2:11 PM
I migrated to the old Legacy SDK Connections for now. It was very easy as the header signature is the same, the only thing I had to do was update the Secret Key in our Application. @better-dress-85975 @boundless-waiter-96587
🙌 1
b

better-dress-85975

03/28/2024, 2:34 PM
Thanks for the insights @enough-camera-24490!
b

boundless-waiter-96587

04/01/2024, 8:07 AM
Seems to be working again……
e

enough-camera-24490

04/01/2024, 3:37 PM
I mean, I guess it is in BETA . The lack of response around this is strange....
h

happy-autumn-40938

04/02/2024, 2:07 AM
Hi folks. Sorry, this thread seemed to have slipped through the cracks. Are you still running into webhook problems for
feature.*
events? Depending on your use case, you may find the SDK Webhook to be more useful. Typically you'd use that for things like seeding or flushing cache for your application or CDN. Event webhooks, on the other hand, would be more for internal tooling, alerts, etc.
e

enough-camera-24490

04/02/2024, 3:40 AM
@happy-autumn-40938 Thanks for the reply! Yes, we were. Although it sounds like some folks are having success again. I migrated over to the Legacy Webhooks until I learned of a better way. Is there documentation for the new SDK Connection webhooks? The
X-GrowthBook-Signature
that appears in the other two webhooks, doesn't appear to be showing up for these?
h

happy-autumn-40938

04/02/2024, 4:21 AM
The SDK webhooks and legacy webhooks both use the same signature value, but the header key is different:
webhook-secret
. I do not see any docs for the SDK Webhooks... this appears to be an oversight. Until we can add them, here's what they send: method: settable in the UI. Supports
Copy code
GET, POST, PUT, DELETE, PURGE
headers (pass in custom headers in the UI):
Copy code
headers: {
        "Content-Type": "application/json",
        "webhook-id": webhookID,
        "webhook-timestamp": date.getTime(),
        "webhook-secret": secret,
        "webhook-sdk-key": key,
        ...customHeaders,
      },
body (optional): Settable in the UI. Not available for
GET
. If set, will send over the SDK Payload in this envelope format:
Copy code
{
      type: "payload.changed",
      timestamp: date.toISOString(),
      data: {
        payload: sdkPayload
      }
    }
Hi again folks, we did indeed have a regression for standard webhooks which primarily affected the
feature.updated
event. I've pushed out a fix.
e

enough-camera-24490

04/02/2024, 5:46 PM
@happy-autumn-40938 Thanks for the info. How are we suppose to use the
webhook-secret
value? It does not appear to be in the same format as the Signature header being passed in the other webhooks?
h

happy-autumn-40938

04/02/2024, 6:02 PM
It's slightly modified from before, based on this spec https://github.com/standard-webhooks/standard-webhooks/blob/main/spec%2Fstandard-webhooks.md#signature-scheme I think the only difference is the new "wh_sec" prefix. You'd do something like this to validate it (add your own error handling. We'll add more guidance to the docs soon.
Copy code
const computed = crypto
    .createHmac("sha256", signingKey || "")
    .update(res.locals.rawBody || new Buffer(""))
    .digest("hex");

  const received = req.get("webhook-secret");
  const sig = received?.split("whsec_")?.[1] || "";

  if (!crypto.timingSafeEqual(Buffer.from(computed), Buffer.from(sig))) {
    throw new Error("mismatch signatures");
  }
🙌 1
e

enough-camera-24490

04/02/2024, 9:21 PM
Interesting, I am still not getting a successful match, even when removing the
whsec_
from the secret passed. I will keep playing around with it. Thanks for the response!
b

brash-kite-51410

04/02/2024, 10:05 PM
have you updated the signing key to the SDK webhook signing key?
e

enough-camera-24490

04/02/2024, 10:07 PM
Yep, I replaced the key with the
wk_<16chars>
one given when I created the SDK webhook.
b

brash-kite-51410

04/02/2024, 10:28 PM
also you need to make sure that you are hashing based on the
payload
object not the full body
👀 1
e

enough-camera-24490

04/02/2024, 10:35 PM
{"type":"payload.changed","timestamp":"2024-04-02T22:32:44.872Z","data":{}}
Is that the empty data object?
b

brash-kite-51410

04/02/2024, 10:36 PM
do you have payload turned off?
e

enough-camera-24490

04/02/2024, 10:37 PM
I do. I'm just busting our cache with the webhook.
b

brash-kite-51410

04/02/2024, 10:37 PM
you can then just gen the hash with an empty string if your not sending any payload data
e

enough-camera-24490

04/02/2024, 10:40 PM
Yep, which is what I am doing.
Copy code
$secret = 'wk_123457';
$hashedContent = hash_hmac('sha256', "", $secret);

return hash_equals($hashedContent, $signature);
Above is what I am doing (PHP) for the other webhooks.
b

brash-kite-51410

04/02/2024, 10:41 PM
what are your settings on the sdk webhook?
e

enough-camera-24490

04/02/2024, 10:42 PM
POST method with no extra headers.
b

brash-kite-51410

04/02/2024, 10:42 PM
let me test on my side and see if i can recreate what is going on here
e

enough-camera-24490

04/02/2024, 10:44 PM
Sounds good. I appreciate it.
b

brash-kite-51410

04/02/2024, 10:46 PM
i think i found the issue let me get a fix out for this
🙌 1
fix has been deployed let me know if that is working for you know
e

enough-camera-24490

04/02/2024, 11:39 PM
Looking good! Thanks!
5 Views