We have made an improvement to workflow webhooks that invoke the REST API.

Previously, when a workflow webhook invoked the REST API, the Editor automatically added an HTTP header that contained the Application Access Key. We have now made this easier and more automatic.

When a webhook is invoked, we now check whether the webhook is invoking the REST API. If so, we now automatically add the Application Access Key just before invoking the webhook POST call. There is no longer any need for you to configure the HTTP Header containing the Application Access Key in the Editor. In fact, if the Editor finds an HTTP Header containing the Application Access Key in the webhook that calls the REST API, we automatically remove it.

This has two advantages.

1. It eliminates the need for you to configure the HTTP Header for the webhook in the Editor.
2. It ensures that the REST API call is always called with the most recent Application Access Key. If you update the Application Access Key you no longer need to update the webhook.

The only time you now need to explicitly specify the HTTP Header containing the Application Access Key for a webhook that invokes the REST API is when you are calling an application that is owned by another account.

See topic “Application Access Key” in this article https://help.appsheet.com/en/articles/1979979-invoking-the-api

Thank you Phil san, and I believe this action was made in response to recent post (can not locate though…) pointing out the potential weakness of the Appsheet webhook security aspects, and now it become more secured.

Thank you again.

Very cool, thanks Phil!

The existing app with Appsheet API call being implemented stopped working, obviously it started to happen either yesterday or before. Workflow is fired, but webhook is ending up with error.

Obviously we App creator need to take action in response to this recent change in Webhook set up.

I went to manage pane, integration tab. The existing access key looks expiring 18th November, meaning, this seems to be one of cause of the problems. To tackle the issue, I generated the new key.
After that, then I go to webhook setting on workflow. Until now (at the time webhook was originally set up) , Preset was set to Custom. Now I changed to Appsheet 'xxxx depending on verb. Table name is made sure to target the name of table the api is going to address. Webhook body is gone upon changing preset. Before we change preset, just copy the body and hold.
Change the preset to appsheet one, and paste the body (Json)

Save edit.

The webhook resume to work.

I think this is not happening to me, but for those who do have webhook set up in your app should need to take this path to keep webhook up and running.

As far as I see, I could not locate any announcement from Appsheet team to call for our action to get the webhool up and running without downtime.

@tsuji_koichi it cought me as well, even though we both acknowledged it.

Invoking the REST API from a Webhook

Platform became bit buggy these days…

I agree.
I’m going to be starting a new account and make sure it’s stable, late roll out. Too many experiments. So I’ll maintain this account for experiments, Ayva a new account for stable client work.

For the last few days, i m trouble shooting for existing apps, none of other stuffs I can do for now.

Ask them to roll your account back off of all the pre GA

That s also another painful option, so i stay calm.

Agree, how can you stay ahead of the curve of you don’t help make it stronger!?

I keep saying to myself this is inevitable process for appsheet to grow up…

In 2-3 months, it’s going to be an entire new invention.

this is true :). I welcome all the new changes. support is taking long to get some editor bugs worked out though. some complex formulas in my apps are not working. Been working with tech for 2 weeks to get it resolved. been figured out just needs to be rolled out. Take forever :(. @Aleksi

The support is taking longer. Some of the bugs are so nuanced and it seems to take awhile to “get to engineering”

@Grant_Stead and @tsuji_koichi we are looking into this issue and get back with root cause. Apologies for the inconvenience.

Tagging @Phil and @Dan_Bahir

Just as a supplementary information for you, all the access key for api on every app seems to claim the key is expireing on 18th Nov.
Seem there is a clue with this indicaiton.

Hi Koichi-san,

We attempted to notify you of the change in early November.
Can you and I sort this out via private email to ensure we fully understand why that communication failed?
You can reach me at philgarrett@google.com.

Phil Garrett

Phil, I am still having issue with this change. I have users that when invoke the webhook get the
"Error:
"Webhook HTTP post request failed with exception The remote server returned an error: (403) Forbidden. "
but when I invoke it runs with no issue. Any ideas?

Can you describe the problem in more detail?

I am not sure what you mean when you say “I have users that when invoke the webhook”.
Exactly how are they invoking the webhook?
Is the webhook being invoked in one application and is the invoked application another application?
Is the webhook being invoked from one account and is the invoked application in another account?