Two-Step Authentication with Webhooks

This has 2 different race conditions though:

1. You must only trigger the 2nd webhook when Webhook is Called has fired for the 1st webhook. Can't be just two Call Webhook steps in a row.
2. The access token can expire after the 1st webhook writes it to a field and before the 2nd has attempted to use the value. It's easy to make this happen when running a large batch-to-request-campaign. So you also need an exception-handling campaign that can tell you when the 2nd Webhook is Called returned an error.

Hey guys, thanks so much for adding this info to the forum.

I'm trying to do this exact thing right now and whilst the call is successful, it doesn't seem to be populating the field I set up to house the authorization token, which means the next call fails. I actually have two fields set up, one as String and one as Text as the token that I saw coming through in Postman was 1292 characters long, which means it's unlikely to fit into the String type field, but neither fields are being filled out. Any suggestion on what I should/could try to get this stored on the person record?

I also saw some other discussions where Sanford recommends to not use the two webhook set-up but use a webhook proxy. I've been googling like mad, but I am probably not exactly searching the correct keywords to find what I need. Any advice?

Many thanks for your help!

@maddie_vararu_n, yeah webhooks are stateless entities in nature that means that systems requiring one HTTP connection to get an expiring token, followed by another connection do a lookup or update, aren’t webhook-compatible. You can of course store the OAuth token in a field and use that for your subsequent calls, but that is not 100% failure proof w/o having proper error handling mechanism and ensuring you call the make the 2nd call after the Webhook is Called has fired for the 1st webhook as Sandy mentions in the comment above. Also, access token isn't 1292 charecters long. Are you storing the entire JSON response of the authentication API in the field? Are you able show your webhook configuration? Of course, please make sure to mask your API creds before you add details about it here.

Using API Gateway, a proxy service essentially that takes care of getting the OAuth token and making the apt update/lookup call is ideal, which means from Marketo you'd just make a single call to this proxy which will then take care of making an authenticated call to the system and return the data.

Hi @Darshil_Shah1, thanks for responding! I was off for a bit and then ill, so took me a while to come back to this. I ran a test from Postman to see what the Authorization token looks like and this is the response I get:

{

    "authTokenDetails": {

        "token_type": "Bearer",

        "expires_in": "3599",

        "ext_expires_in": "3599",

        "expires_on": "1693910049",

        "not_before": "1693906149",

        "resource": "api://e4ea53c4-e608-4dcd-be25-ddab18562f9e",

        "access_token": "eyJ0bXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyIsImtpZCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyJ9.eyJhdWQiOiJhcGk6Ly9lNGVhNTNjNC1lNjA4LTRkY2QtYmUyNS1kZGFiMTg1NjJmOWUiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC80MWY1OTEyMS1hODQ2LTRiY2YtYmRmNi1lZjZjMjNiMTMwNDcvIiwiaWF0IjoxNjkzOTA2MTQ5LCJuYmYiOjE2OTM5MDYxNDksImV4cCI6MTY5MzkxMDA0OSwiYWlvIjoiRTJGZ1lBajJlZkI0YWVBaDBZTTZqdUs2VFlKdkFRPT0iLCJhcHBpZCI6ImU0ZWE1M2M0LWU2MDgtNGRjZC1iZTI1LWRkYWIxODU2MmY5ZSIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzQxZjU5MTIxLWE4NDYtNGJjZi1iZGY2LWVmNmMyM2IxMzA0Ny8iLCJvaWQiOiI1MjNiMTg1NS1iMzdlLTRjNzgtYWVhNi0zNjdhYTA1NWRjZGYiLCJyaCI6IjAuQVFrQUlaSDFRVWFvejB1OTl1OXNJN0V3UjhSVDZ1UUk1czFOdmlYZHF4aFdMNTRKQUFBLiIsInJvbGVzIjpbIkFwaS5SZWFkV3JpdGUiXSwic3ViIjoiNTIzYjE4NTUtYjM3ZS00Yzc4LWFlYTYtMzY3YWEwNTVkY2RmIiwidGlkIjoiNDFmNTkxMjEtYTg0Ni00YmNmLWJkZjYtZWY2YzIzYjEzMDQ3IiwidXRpIjoiWWFobFY1dFVVMDJLS3VoSnBCLUlBQSIsInZlciI6IjEuMCJ9.UhdUawmxZvCSirFP7HlYucfRliZtVM1BrhdG4UChv3znPz9DqNr25h2wxc1utUMDA6XC_IqtkMKjfmY5JeenkvqjGAzWgmSpk-USU9ZjIfrbGbI6sa1n3RbGjr1oBsChI1-iz3oezLA4sdzkleLuBISVvuO6-yKPKHffciPrQR8YdzFYqRmjkotLUqGuuPwiHq5TZ7Fswqr8yEtZVG-nSAuwgkGHUjHpNKYZ_3y3ZesKcLjGFCiQXDWnAMtlgeDeL-IP4fQ48eENrLkJQ6o5_Y2ZbX2z0hfp8j0p5GrSje_6QQkXXY-ZUh3F-_OCmXlKFlF7xfupHrvNq2k6shzHWA"

    },

    "isSuccess": true,

    "message": null

 

Here's my authorization token call set-up - I created two fields to store the token, one text area and one string. I tried with each individually, in the example below I added both.

And here's the webhook for submitting the information: 

I'm by no means a developer, but budget constraints mean I have to do what I can 🙂 is there anything I can ask the third-party to do to make this process a bit easier? 

 

Thank you so much for your help!

Please use code editor to add the code/response snippets as it becomes really difficult to read it otherwise. Re the Get Access Token webhook setup in Marketo, are you sure that it's a POST call per your webhook definiation? Normally, that type of requests are GET. Also, earlier, I thought you were talking about Marketo's access token, which is by no means 1292 charecters long, but since this service's access token is, you should be using the text field to store the access token from the incoming response JSON. You should remove the entry from the Response Mapping where you're updating the access token to a string field, and just have the entry where you write the access token to a text area field.

Also, I hope you're using the Webhook is Called trigger to trigger off your 2nd webhook after making the Authorization token call instead of using an aribitary wait step b/w the 2 webhook calls.