How to use Webhook with OAuth token for JSON Exchange?
Do we need to create two Webhooks, First to get Authentication Token and Second to Get data from the service and exchanging the token in every call? Or it is possible with one webhook?
So mean create a new service layer(custom code) between Marketo Webhook and Third party service?
Your 3rd-party service has not been designed to be called via webhook: it's not a webhook-compatible endpoint, and you should assume that was deliberate.
I write my endpoints in php. I curl to get the access token from third party platform, then curl again using access token to what ever endpoint to get what ever data I need
Webhooks aren't designed to be used this way. They are intended to be single requests.
You should use a webhook gateway (a stateless endpoint that internally manages OAuth without exposing anything like that to the caller).
You may try to populate a lead field with the access_token. But I consider this terrible design and not acceptable in a professional environment.
Sanford Whiteman - Thanks for reply, But it will not resolve my issue.
Webhooks are stateless, so they will never save token for next service call, So OAuth is seems not possible, we need to send every time uid/pwd with the service call? That what you are suggesting here?
Thanks for reply, But it will not resolve my issue.
Of course it will. You're not understanding the answer.
Webhooks themselves do not (by design) maintain state across invocations.
That has nothing to do with whether the service they're calling maintains internal state.For example, if you use a webhook to call a service, and that service queries a database, it's natural (in fact good design) for it to keep alive a pool of database connections. The platform that makes the initial HTTP request has no idea about the connection pool. The service is internally stateful. The webhook invocations are stateless.
Likewise, if you need to call a service that in turn calls an OAuth-protected service, you may cache the access_token for as long as you want. The webhook doesn't need to, and shouldn't need to, know about it.