Share via

Create Subscription API not able to validate notification url of Salesforce Webhook

Harshal Sakare 5 Reputation points
2023-03-28T11:37:53.1233333+00:00

Hi,

We are implementing the webhook inside Salesforce to receive the change in notifications.

For this we have created a webhook inside salesforce:

  1. Create a public URL that can be accessible from anywhere
  2. Added the logic to send back the validation token

This public URL is working fine. Able to send requests from Postman. We are able to see debug logs in Salesforce.

Whereas We are trying to call the "Create Subscription" API from Salesforce, it is sending an error message saying: Subscription validation request failed. Notification endpoint must respond with 200 OK to validation request.

But we are not receiving any call in our system. There is no debug logs in Salesforce system from Graph api. But we are receiving debug logs when call this webhook from Postman.

Microsoft Security | Microsoft Graph

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-03-28T13:07:36.8633333+00:00

    Hi @Harshal Sakare,

    Thanks for reaching out!

    The subscription notification endpoint (specified in the notificationUrl property) must be capable of responding to a validation request as described in Set up notifications for changes in user data. If validation fails, the request to create the subscription returns a 400 Bad Request error.

    The process to set up a valid subscription involves both the client app and Microsoft Graph as follows:

    1. The client app sends a subscription request to subscribe to changes on a specific resource.
    2. Microsoft Graph verifies the request.
      • If the request is valid, Microsoft Graph sends a validation token to the notification URL for the client app to validate the notification URL.
      • If the request is invalid, Microsoft Graph sends an error response with an error code and details.
    3. When the client receives the notification URL validation request, the client responds with the validation token in plain text.
    4. Microsoft Graph validates the client's validation token response and if the validation token is valid, responds with a subscription ID.

    Reference document: https://learn.microsoft.com/en-us/graph/change-notifications-delivery-webhooks?tabs=http

    Hope this helps.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".

  2. Chris Jones 0 Reputation points
    2024-02-09T17:42:25.8866667+00:00

    You may also want to confirm that your notification endpoint is configured to accept text/plain as well as return it. This ended up being my problem, since my server was returning a 405 before ever hitting my code due to the incoming content-type of text/plain from MS Graph.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.