Hi all,
I have a API Access application running on an express server. The application uses the SmartThings NodeJS SDK to setup subscriptions.
The target url for SmartThings to ping my express server with data for these subscription was the index route of my application, i.e /
route in my app. The portion of code to implement this is shown below using the handleHttpCallback
function.
var express = require('express');
var router = express.Router();
var smartapp = require('../smartapp');
/// handleIndexPost ///
// This is the route that smarthings will post to
const handleSmartThingsPost = async function (req, res, next) {
try{
// Handle the http callback
let result = await smartapp.handleHttpCallback(req, res);
}catch(error){
logger.error(`Error in handling post request to \ ${error}`)
}
}
/// POST home page. ///
// req and res are passed automatically to handleSmartThingsPost
router.post('/', smartThingsController.handleSmartThingsPost)
On the first request to verify this is the correct url the message below is printed to the console. I simply click on the <URL>
in the message and the route is verified and all works well.
2021-03-24T16:13:58.814Z info: CONFIRMATION request for app XXXX, to enable events visit <URL>
I want to now instead of receiving data from SmartThings at the route /
I want to receive data at the route /smartthings
.
The code is pretty much the same as shown below to enable this.
var express = require('express');
var router = express.Router();
var smartapp = require('../smartapp')
/// handleIndexPost ///
// This is the route that smarthings will post to
const handleSmartThingsPost = async function (req, res, next) {
try{
// Handle the http callback
let result = await smartapp.handleHttpCallback(req, res);
}catch(error){
logger.error(`Error in handling post request to \ ${error}`)
}
}
/// POST home page. ///
// req and res are passed automatically to handleSmartThingsPost
router.post('/smartthings', smartThingsController.handleSmartThingsPost)
Again on the first request upon changing the route to /smartthings
in the developers console I get a POST request to this route however the console does not display the confirmation url, instead it displays what is shown below.
2021-03-24T16:10:54.007Z error: Forbidden - failed verifySignature
2021-03-24T16:10:54.008Z error: Unauthorized
POST /smartthings 401 152.406 ms - 9
Printing out the body of the raw request received there is actually a confirmationUrl
sent
{
messageType: 'CONFIRMATION',
confirmationData: {
appId: 'XXXXX',
confirmationUrl: <URL>
}
}
Clicking on this <URL>
does verify the smartapp it seems. It allows data from subscriptions to be sent from the ST cloud however the handleHttpCallback
blocks these requests from calling my subscription handlers as it is again saying that the app is Unauthorized even though it is receiving data at that url.
Below is a print of the request body of data being received and the SmartThings SDK blocking it
DATA_RECEIEVED:
{
messageType: 'EVENT',
eventData: {
installedApp: {
installedAppId: 'XXXX',
locationId: 'XXXX'
},
events: [ [Object] ]
}
}
2021-03-24T16:37:22.147Z error: Forbidden - failed verifySignature
2021-03-24T16:37:22.147Z error: Unauthorized
POST /smartthings/ 401 2.286 ms - 9
The only route the SDK seems to work for is the root /
URL which I cannot use. This couldn’t be correct is it? I cannot spot what I am doing wrong as I am getting data its just being blocked.
Any help is welcome!