Setting Up a WebHook Endpoint with AWS API Gateway

I have created an API that is to receive and log any request. 

When I set the Kintone Webhook to post to it I am getting a 403 error. 

The logging in the admin pane tells me there is a 403 error, and the event that triggered it, but none of the information that I can use to debug it. 

If I was able to see the headings on the request I may be able to track down a solution using the following. 

https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-troubleshoot-403-forbidden/#:~:text=An%20HTTP%20403%20response%20code,due%20to%20client%2Dside%20issues.&text=The%20caller%20isn’t%20authorized,that’s%20using%20a%20Lambda%20authorizer.

 

Though there is not much that I can configure in the webhook itself that might change this outcome. 

One silver lining though, I can set up a Webhook Zap that will forward this data to my API. Though using Zapier as just a pass-through feels wrong. 

Is there any hope that webhooks will get more development in the future?

Is there a chance that there is a setting that I am missing in AWS?

Hi Michael,

 

Please correct me if I am wrong, but you have specified AWS API Gateway as your kintone webhook URL.
However, the webhook failed to send, and a 403 error occurred?

 

I’m assuming that you are checking the kintone audit log for the relevant information.
In that case, there is a possibility that an error occurred due to the inability to access the corresponding URL.
However, the configuration of the webhook destination, including the API Gateway, is not supported, so it would be better to check with the provider such as AWS.

@Sean Tachibana, Thank you for responding! 

You're correct that I should work with AWS to fix the accessibility issue. My intention with the above was to bring up that the Kintone logs do not provide enough information to troubleshoot the issue with AWS. 

The log states: 

app id: 47, app name: Super Simple Test App, record id: 2, comment id: 1, notification id: 9787c5c8-5f7b-4f94-9b29-852bafc05a9e, event type: ADD_RECORD_COMMENT, server url: https://wv5au9zf5f.execute-api.us-west-2.amazonaws.com/dev/kintoneWebHook, error type: SERVER_ERROR, status code: 403

But the AWS documentation states that I need to look in the response header for the reason for the failure. 

Lastly, I am not able to reproduce the error in Postman or in other applications hitting the endpoint. 

 

As a final observation, the Webhook integration interface does not appear to provide enough configuration options to attempt to fix the issue.  

I hope this makes the pain point more clear. 

Hi Michael

I feel the same pain about the response header not being included in the logs. Thanks for your feedback - I’ve passed this request to the Kintone dev team.

Hi Michael,

The log you provided is an error log when using the “Webhook” function.

 

Since the error type is “SERVER_ERROR,” I think it corresponds to the case where the notification fails
due to an error in the web service that receives the notification, as shown on the following page.

 

Actions on App Records:
https://get.kintone.help/k/en/admin/other/audit_logs.html#other_audit_logs_2020
(Please refer to the 10th column from the top)

 

I also got a “403” error when accessing the URL in the server URL from a web browser.
Perhaps the access from my environment is restricted.

 

Can I ask you to mitigate the restrictions on the AWS side and break down the issues?

You have told us that the phenomenon does not occur with other apps. Could you please also check if a “403” error is returned when using a different network?

Thank you for the response Sean Tachibana! 

I added an API key requirement when I moved it to use the Zapier WebHook. (Note: this is another feature I would like to see in configuring webhooks from Kintone.)

I have opened up the access for a bit longer so that you can test the endpoint as well. You should be able to attempt to hit the endpoint from the browser or Postman, and with a 200 response it should return a tracking ID back in the body. 

You have told us that the phenomenon does not occur with other apps. Could you please also check if a "403" error is returned when using a different network?

I assumed that I was testing with a different network by using Zapier to hit the same endpoint that Kintone was attempting to post to. That is on an external network and is still able to post to the AWS endpoint. I am not able to simulate at this time hitting the endpoint from outside the US if that is what you mean. 

Hi Michael,

 

When I try to access the site from a web browser, the status is unchanged from the last time.

 

Is it possible to check if there are any settings on the AWS side that restrict the following IP addresses?

The outbound IP address applies.

 

IP Addresses That Kintone Uses:

https://get.kintone.help/general/en/admin/list_security/list_access/outbound_ipaddress.html

 

Also, if it is in the following states;

 

Zapier→APIGateway: OK

kintone→APIGateway: NG

 

Some pages allow you to check the contents of WebHook notifications, such as the following site. Could I ask you to compare the contents of each notification and check if there are any necessary settings on the AWS side?

 

https://webhook.site

 

Hopefully, this helps.
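
The comparison suggested in the last reply, as an added example that is not part of the thread: it diffs a request that returned 200 against one that returned 403 and checks each source IP against an allowlist. Both captures, the header values, the CIDR range and all function names are constructed for illustration and are not taken from Kintone, Zapier or the poster's AWS account.

```python
import ipaddress

# Headers that differ on every request and say nothing about a 403.
VOLATILE = {"content-length", "date", "x-request-id"}

def headers_of(capture):
    """Lower-case the header names: HTTP header names are case-insensitive."""
    return {name.lower(): value for name, value in capture["headers"].items()}

def diff_requests(ok, failing):
    """Compare a capture that got 200 with one that got 403."""
    a, b = headers_of(ok), headers_of(failing)
    report = {"only_in_ok": [], "only_in_failing": [], "changed": {}}
    for name in sorted((set(a) | set(b)) - VOLATILE):
        if name not in b:
            report["only_in_ok"].append(name)  # names only, so secrets are not echoed
        elif name not in a:
            report["only_in_failing"].append(name)
        elif a[name] != b[name]:
            report["changed"][name] = (a[name], b[name])
    if ok["method"] != failing["method"]:
        report["changed"]["method"] = (ok["method"], failing["method"])
    return report

def ip_allowed(source_ip, allowed_cidrs):
    """True if source_ip is inside any CIDR of an IP allowlist
    (for example one used in a resource policy or WAF rule)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in allowed_cidrs)

# Constructed captures, as they might be copied from a request-inspection page.
OK_CAPTURE = {"method": "POST", "source_ip": "198.51.100.23", "headers": {
    "Content-Type": "application/json", "User-Agent": "example-forwarder/1.0",
    "X-Api-Key": "PLACEHOLDER-KEY", "X-Request-Id": "aaa"}}
FAILING_CAPTURE = {"method": "POST", "source_ip": "203.0.113.45", "headers": {
    "content-type": "application/json", "user-agent": "example-webhook/1.0",
    "x-request-id": "bbb"}}
ALLOWED_CIDRS = ["198.51.100.0/24"]  # constructed allowlist (documentation range)

if __name__ == "__main__":
    print(diff_requests(OK_CAPTURE, FAILING_CAPTURE))
    for cap in (OK_CAPTURE, FAILING_CAPTURE):
        print(cap["source_ip"], "allowed:", ip_allowed(cap["source_ip"], ALLOWED_CIDRS))
```

A header listed under `only_in_ok` (here `x-api-key`) or a source IP outside the allowlist is the first thing to check against the API Gateway method settings, resource policy and any attached WAF rules.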