martmull
martmull
PostsComments
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
@Marian is that clearer now?
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
@Félix can you confirm?
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
so you need hash 256 with your secret ${headers["X-Twenty-Webhook-Timestamp"]}:${JSON.stringify(body.payload)} and check this valus with headers["X-Twenty-Webhook-Signature"]
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
### X-Twenty-Webhook-Timestamp

Unix timestamp of when the webhook was sent. This timestamp is included in the HMAC signature generation to prevent replay attacks.
### X-Twenty-Webhook-Timestamp

Unix timestamp of when the webhook was sent. This timestamp is included in the HMAC signature generation to prevent replay attacks.
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
const crypto = require("crypto");
const timestamp = "1735066639761";
const payload = JSON.stringify({...});
const secret = "your-secret";
const stringToSign = `${timestamp}:${JSON.stringify(payload)}`;
const signature = crypto.createHmac("sha256", secret)
  .update(stringToSign)
  .digest("hex");
const crypto = require("crypto");
const timestamp = "1735066639761";
const payload = JSON.stringify({...});
const secret = "your-secret";
const stringToSign = `${timestamp}:${JSON.stringify(payload)}`;
const signature = crypto.createHmac("sha256", secret)
  .update(stringToSign)
  .digest("hex");
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
## Headers
### X-Twenty-Webhook-Nonce

Unique identifier for this webhook request to prevent replay attacks. Consumers should ensure this nonce is not reused.

### X-Twenty-Webhook-Signature

HMAC SHA256 signature of the request payload using the webhook secret. To compute the signature:

Concatenate X-Twenty-Webhook-Timestamp, a colon (:), and the JSON string of the request payload.
Compute the HMAC SHA256 hash using the shared secret as the key.
Send the resulting hex digest as this header value.
Example (Node.js):
## Headers
### X-Twenty-Webhook-Nonce

Unique identifier for this webhook request to prevent replay attacks. Consumers should ensure this nonce is not reused.

### X-Twenty-Webhook-Signature

HMAC SHA256 signature of the request payload using the webhook secret. To compute the signature:

Concatenate X-Twenty-Webhook-Timestamp, a colon (:), and the JSON string of the request payload.
Compute the HMAC SHA256 hash using the shared secret as the key.
Send the resulting hex digest as this header value.
Example (Node.js):
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
I have found the documentation on signature, it is in the rest api documentation, in webhooks, here is the link for company-created webhook -> https://twenty.com/developers/rest-api/core#/webhooks/Company-Created/post
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
no, the timestamp used to generated the signature is also provided in headers X-Twenty-Webhook-Timestamp
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
No description
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
timestamp = Date.now().toString(); (see https://github.com/twentyhq/twenty/blob/b5e6600c73492b7397b242b9b170f9d19107ef78/packages/twenty-server/src/modules/webhook/jobs/call-webhook.job.ts#L62C49-L62C71)
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
No description
19 replies
TTwenty
Created by Marian on 4/16/2025 in #❓︱help
Are webhook secrets actually used? How?
Hey @Marian thank you for reaching us. Secret is not provided in the webhook data directly. We generate a signature (hashing webhook data, secret and timestamp) that we add to headers in X-Twenty-Webhook-Signature key. So to get an check your secret, you need to create the expected signature and compare it to the X-Twenty-Webhook-Signature header value. FYI here is the code that generates the signature -> https://github.com/twentyhq/twenty/blob/b5e6600c73492b7397b242b9b170f9d19107ef78/packages/twenty-server/src/modules/webhook/jobs/call-webhook.job.ts#L32 
  import crypto from 'crypto';

  private generateSignature(
    payload: CallWebhookJobData,
    secret: string,
    timestamp: string,
  ): string {
    return crypto
      .createHmac('sha256', secret)
      .update(`${timestamp}:${JSON.stringify(payload)}`)
      .digest('hex');
  }
  import crypto from 'crypto';

  private generateSignature(
    payload: CallWebhookJobData,
    secret: string,
    timestamp: string,
  ): string {
    return crypto
      .createHmac('sha256', secret)
      .update(`${timestamp}:${JSON.stringify(payload)}`)
      .digest('hex');
  }
Hope it helps.
19 replies
TTwenty
Created by JonApps on 3/27/2025 in #❓︱help
API filtering NULL value on enums
https://github.com/twentyhq/twenty/issues/11312
3 replies
TTwenty
Created by JonApps on 3/27/2025 in #❓︱help
API filtering NULL value on enums
Hey thank you for reaching out. Indeed we can't filter by null enum types. I create an issue
3 replies
TTwenty
Created by zon on 3/31/2025 in #❓︱help
Why doesn't the webhook work when data is loaded from the API?
https://github.com/twentyhq/twenty/issues/11311
3 replies
TTwenty
Created by zon on 3/31/2025 in #❓︱help
Why doesn't the webhook work when data is loaded from the API?
Hey @zon thank you for reaching us. Indeed no webhook are triggered When api crud endpoints are used. I opened an issue to fix that
3 replies
TTwenty
Created by dialnco on 3/31/2025 in #❓︱help
Error: non descriptive 500 error on /rest/metadata/relations api
Hey, thank you for reaching us. I look at the issue this week. Cheers
2 replies
TTwenty
Created by SoccerGuy14 on 2/11/2025 in #❓︱help
Enum "OpportunityStageEnum" cannot represent value: "LOST"
I had to remove the enum value and the view using this enum value to define kanban columns. @charles do you know why it happens?
7 replies
TTwenty
Created by martmull on 2/10/2025 in #❓︱help
How to check if my worker is running?
Yes thanks
4 replies
TTwenty
Created by Karl! on 1/29/2025 in #❓︱help
Email sending not working
Also, updated env variables are taken into account only after a worker restart
8 replies