Level 53
@steve_guardiani it might fail because of the IP address. This package includes a middleware to check if requests comes from whitelisted IPs.
Sep 19, 2019
11
Level 17
Authenticating incoming http webhooks from Postmark
Using Laravel 5.8
I'm trying to get notifications from postmark when "outbound" emails are delivered. I'm using https://packagist.org/packages/mvdnbrk/laravel-postmark-webhooks and I've followed the installation steps.
When I try sending a test from postmark, I get a 401, my app is not allowing access. I sort of expected that because I haven't set up the Basic auth credentials (Username and Password).
I can setup the credentials on postmark but I have no idea where to configure the credentials in my Laravel app.
I've tried updating my .env file and added MAILBOX_HTTP_USERNAME and MAILBOX_HTTP_PASSWORD but that only seems relevant for a different package and I'm still getting the 401.
Can any one tell me where I configure the credentials in Laravel? I'm new to webhooks and would really appreciate some guidance here.
Level 17
@sti3bas yes, I've check the white list and it matches the IP's published on the Postmark website.
Apart from the whitelisted IP's, there's no indication of any other configurable credentials, which I though was a bit too easy.
Postmark does allow for the URL to include a username and password, but where do they go in Laravel?
Level 53
@steve_guardiani as far as I see it's optional and it seems like this packages doesn't have an implementation for auth.
Level 17
@sti3bas the documentation with the laravel-postmark-webhooks package says it requires illuminate/support.
This may be a dumb question, but when I "require" laravel-postmark-webhooks and run composer update, does it automatically pull in illuminate/support? Or do I need to require it manually?
Level 53
@steve_guardiani it will install it automatically because it's listed as a dependency in package's composer.json file: https://github.com/mvdnbrk/laravel-postmark-webhooks/blob/master/composer.json#L23
Level 17
@sti3bas Maybe I need to exclude the URL from CSRF protection since Postmark will not have a CSRF token.
Level 53
@sti3bas api routes doesn't have CSRF protection by default.
I would create a dummy route and try to log the IP to check that it's really included in the whitelist.
Level 17
@sti3bas thanks for the suggestion but I'm going to leave it for now. . it's 2:23 am here and I'm shutting down :)
Level 17
I've reached out to Postmark and am waiting for their response. hopefully they will have a solution.
Level 122
I think you need to create a user account in your users table with username and hashed password
Share these credentials with Postmark
Add middleware to your webhook route that uses onceBasic() authentication
https://laravel.com/docs/5.8/authentication#stateless-http-basic-authentication
Level 17
@snapey Spot on! Thanks a lot, much appreciated!
Please or to participate in this conversation.