Skip to main content

We currently use microsoft flow to catch and transform webhooks/data from 3rd party services and post back into Acumatica. However, we would prefer to use Zapier. I know it is a bit more complicated than your standard https rest api, but does anyone have any guidance as to what might be possible with Zapier and how to do it?

As a follow up question/thought. I have read up on webhooks and it may be that is a better solution for our use case. But with webhooks, how is security handled? Is there anything stopping anyone from posting to the webhook url if they retrieved that url? I have read some of the documentation but it’s still not that clear. Also, it tells you to register the url on the “External applications” form (SM301000) - but i don’t see zapier as an option in the application pulldown (https://www.dropbox.com/s/ublhlex6nimmjn3/Screen%20Shot%202022-03-12%20at%2011.52.43%20PM.png?dl=0)

 

just for reference - i’m o 

site.png Acumatica 2020 R2
Build 20.208.0031 

For Web hooks, the information is received based on the URL it post the data to. Acumatica will consume the request and based on the config/dev, you would need to first do authentication and add it business rules.

See below to start with, you would need to pass the username and/or password with your POST:

 private IDisposable GetAdminScope(string companyName)
{
    var userName = "admin";
    if (PXDatabase.Companies.Length > 0)  
        userName = userName + "@" + companyName;
    
    return new PXLoginScope(userName,PXAccess.GetAdministratorRoles());
}

 

See link:

https://www.acumatica.com/blog/easily-send-post-requests-to-acumatica-using-webhooks/


Hi @Gerhard van den Heever thank you so much for your reply. We have the webhook working and we are now focusing on securing the endpoint. I see in the sample code they have “admin” as the username that is used to execute the functionality within the webhook code. However, by default, it doesn’t require that the post to the webhook contain any authorization or other authentication data.

I want to make sure that i understand correctly…I believe you are saying that it’s up to us to decide how and what we want the webhook to require when receiving the post to determine if we will allow the webhook functionality to execute. Is that correct?

 

Assuming I’m correct, do you have any suggestions for best practice? Of course we can just create a random string/key and post that as part of the header data.

 

I know there are “External Applications” and “Connected Applications” screens within acumatica. Should either of these be utilized for this use case? and if so, how best? 


Hi @ckwiat46 

 

The Webhook calls would normally be sent from a secure system already with the correct structures. The connected applications provides the tokenized authentication. 

If you do need to make each request secure, either add in logon credentials in your package with each sent, or do a Tokenized Authentication prior submitting the information. It really depends on your approach. 

I am glad the above helped. 


Reply