Amazon SNS signature verification not working - amazon-web-services

I am working on Amazon Simple Notification Service (SNS) with Liferay. I have subscribed topics to an endpoint and am receiving bounce, delivery, and complaint objects successfully. But I am struggling with signature verification. I am using the same code given by AWS at the following URL: http://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.example.java.html
Do I need any configuration for X509Certificate?
I have also referred to this: http://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.https.ca.html. But they have not mentioned where to add it, or else I am not able to interpret it from the description given. I can't complete the functionality as this is the crucial part of it. Any help would be appreciated. Thanks in advance.

Related

AWS Pinpoint Transactional Emails : How to include an unsubscribe link?

I am trying to understand what causes an "_email.unsubscribe" event in AWS Pinpoint when sending transactional emails. I want to add a link that users can click to unsubscribe. I am using Java SDK 2.x. The developer guide was not very helpful. I'd appreciate it if someone could post sample code or an approach that would help.
From the AWS documentation:
Emails unsubscribed – The number of messages that prompted the
recipient to unsubscribe. Note In order for Amazon Pinpoint to count
an unsubscribe event, the unsubscribe link in the email has to contain
a special link tag (a tag called unsubscribeLinkTag), as in the
following example:
<a ses:tags="unsubscribeLinkTag:click;" href="http://www.example.com/unsubscribe">
Only links that contain this tag are counted as unsubscribes.
Basically, it just generates an unsubscribe event to Kinesis.

SurveyMonkey - Create Webhook with AWS API Gateway as Subscription Url

I am trying to integrate SurveyMonkey with my backend.
This is the flow:
(1) We create a webhook (https://developer.surveymonkey.com/api/v3/#webhooks) using the POST method from PHP, with the subscription URL set to an AWS API Gateway.
(2) When a user completes a survey, SurveyMonkey invokes the subscription URL (API Gateway), which in turn calls a Lambda function to update the database.
The problem is that when I try to give an API Gateway URL as the subscription URL, SurveyMonkey returns a Bad Request response. If I use a general .php page, the webhook is created successfully.
In the conversation with the SurveyMonkey Support Team, they say the API Gateway should return a 200 response for a HEAD request. I am not sure how to set this up in AWS.
Can anyone who has implemented or integrated API Gateway with SurveyMonkey please guide me on how to solve this issue?
Here is the conversation with SurveyMonkey Support Team:
Thanks for getting back in touch. I just spoke with my colleagues on
the development team and they noted that there shouldn't be an issue
in using a lambda function for your subscription_URL. As long as it
accepts HEAD and POST requests and returns a 200. I hope this helps
you out; of course, please let me know if I can assist further.
Thanks for getting back in touch. I wanted to confirm that the lambda
function needs to return a 200 to a HEAD request in order for us to
enable the webhook properly. This isn't done after the webhook is
created, but as the webhook is created. It still seems like the
lambda function isn't responding, or responding correctly, as it is
created, so it will continue to fail. I hope this helps clarify;
please let me know if I can assist further.
One way or another, you need to get the API Gateway to respond to HEAD requests. There are a lot of ways to do this. You could add a HEAD method to the resource of your URL. You can do that in the API Gateway console under the resource section when you're editing your API. You can send the HEAD requests to a Lambda function and have that function return a 200 status code for appropriate HEAD requests. You can set up a mock return in the API integration request, but you'll need to set up the correct integration details. You can also just set an ANY Lambda proxy integration and deal with everything on the Lambda side.
Once you have something set up you should be able to test with curl:
curl -I http://yourUrl.example.com
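The "ANY Lambda proxy integration" option from the answer above, as an added example that is not part of the original thread. It assumes a Python Lambda behind a proxy integration; `handle_survey_event` is a hypothetical stand-in for the database update, and the sample events in use are constructed.

```python
import base64
import json


def _method(event):
    # REST API proxy events carry "httpMethod"; HTTP API (payload v2)
    # events nest the method under requestContext.http.method.
    nested = event.get("requestContext", {}).get("http", {}).get("method", "")
    return (event.get("httpMethod") or nested).upper()


def _body(event):
    raw = event.get("body") or ""
    if event.get("isBase64Encoded"):
        raw = base64.b64decode(raw).decode("utf-8")
    return raw


def handle_survey_event(payload):
    # Hypothetical placeholder for the database update in the question.
    return {"fields": sorted(payload)}


def lambda_handler(event, context):
    method = _method(event)
    if method == "HEAD":
        # The check made while the webhook is being created: 200, no body.
        return {"statusCode": 200, "headers": {}, "body": ""}
    if method == "POST":
        try:
            payload = json.loads(_body(event))
        except (ValueError, UnicodeDecodeError):
            return {"statusCode": 400, "headers": {}, "body": "invalid JSON"}
        if not isinstance(payload, dict):
            return {"statusCode": 400, "headers": {}, "body": "expected object"}
        return {
            "statusCode": 200,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(handle_survey_event(payload)),
        }
    # Anything else is rejected rather than silently accepted.
    return {"statusCode": 405, "headers": {"Allow": "HEAD, POST"}, "body": ""}
```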

GCP - Verify ownership of a cloud function https endpoint for a PubSub push

Pretty sure there's no way to do this but would be great to reach out to see if anyone else has any ideas.
What I'm trying to do is this:
I have 2 microservices hosted on Google Cloud Platform as cloud functions.
My first microservice does stuff and fires a PubSub message with topic [x].
I'd like to set my second microservice up as a push subscriber to the topic [x]. I know I can do this by deploying the 2nd cloud function with a subscription trigger but I don't want to do this as there's no decent way to acknowledge/reject the message (see this post: Google Cloud Functions to only Ack Pub/Sub on success).
Therefore I've deployed my 2nd function as having a HTTP trigger. I've then tried to configure the push subscription in the GCP console to this endpoint URL. Of course, this isn't working because the https://[cloud-subdomain].cloudfunctions.net/ isn't a verified domain.
I guess it's just not possible to do what I'm trying to and instead need to create my 2nd microservice in app engine or elsewhere where I can verify a domain.
Thanks in advance!
Site Verification using HTML tag method
Not just domain registrar based verification, you can verify your site using any of the methods listed here. I agree most of these will not work with Cloud Functions, but it is possible to get HTML tag based verification working in a matter of minutes with Cloud Functions.
You will need to add the given meta attribute in the HTML response just before the body attribute.
Example:
<meta name="google-site-verification" content="VERIFICATION_TAG" />
Also, Google verifies the domain periodically (even after initial success) and hence you will have to continue returning this response as long as you want to have the URL verified.
How long does verification last?
Google periodically checks if your verification is valid in a way
appropriate to your verification method (for example, by checking for
the presence of an HTML tag on your site). If verification can no
longer be confirmed, your permissions on that property will expire
after a certain grace period.
Implement retry mechanism within your Cloud function
This is the same as the option explained in the other answer you linked, and IMO simpler. Take currentRetryAttempt as one parameter of the request and increment this value every time you queue up a retry request recursively back to the same function when you're timing out. You will need to check currentRetryAttempt against a maxRetriesAllowed value before queuing up a new retry request.
It does not impose any restrictions on the responses from your Cloud function unlike the previous option.
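A sketch of the HTML tag approach from the answer above, as an added example that is not part of the original thread: one HTTP handler serves the verification tag on GET and treats POST as a Pub/Sub push delivery, acknowledging or rejecting by status code. It assumes the standard push envelope (`message.data` base64-encoded) and that a success status acknowledges while any other triggers redelivery; `handle`, `process` and `Retryable` are hypothetical names, and the handler is framework-free so it runs offline.

```python
import base64
import json

VERIFICATION_TAG = "VERIFICATION_TAG"  # placeholder from the answer above

VERIFY_PAGE = (
    '<html><head><meta name="google-site-verification" content="%s" />'
    "</head><body></body></html>" % VERIFICATION_TAG
)


class Retryable(Exception):
    """Raised by process() when the message should be delivered again."""


def process(data, attributes):
    # Hypothetical business logic; b"fail" simulates a transient error.
    if data == b"fail":
        raise Retryable("downstream unavailable")


def handle(method, body):
    """Return (status, content_type, response_body) for one request."""
    if method in ("GET", "HEAD"):
        # Google re-checks periodically, so the tag must stay in place.
        return 200, "text/html", VERIFY_PAGE
    if method != "POST":
        return 405, "text/plain", ""
    try:
        message = json.loads(body)["message"]
        data = base64.b64decode(message.get("data", ""))
        attributes = message.get("attributes") or {}
    except (ValueError, KeyError, TypeError, AttributeError):
        # Malformed envelope: acknowledge so it is not redelivered forever.
        return 204, "text/plain", ""
    try:
        process(data, attributes)
    except Retryable:
        # Non-success status: the message is not acknowledged.
        return 500, "text/plain", "retry"
    return 204, "text/plain", ""
```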
I published a detailed description of how to send messages from a pubsub topic in project A to a cloud function in project B, including push endpoint configuration, domain verification and a Python code example. This can be found in the following Stack Overflow post:
Google pubsub into HTTP triggered cloud function?

Invalid push endpoint error during Google Pub/Sub subscription creation

I've gone through all the prereqs on Google's site.
Got and installed an SSL cert (from Let's Encrypt) on the server.
Registered and verified the domain (yes, the https URL) on Google Search Console (like https://example.org).
Added the domain to my API Credential's Domain Verification.
from googleapiclient import discovery
# Build a Pub/Sub v1 client (uses the environment's default credentials)
client = discovery.build('pubsub', 'v1')
topic = 'projects/myproject/topics/mytopic'
sub = 'projects/myproject/subscriptions/mysub'
client.projects().topics().create(name=topic, body={}).execute()
# Push subscription: this is the call that returns the error shown below
client.projects().subscriptions().create(name=sub, body={'topic': topic, 'pushConfig': {'pushEndpoint': 'https://example.org/push-handler'}}).execute()
And I get back:
googleapiclient.errors.HttpError: https://pubsub.googleapis.com/v1/projects/myproject/subscriptions/mysub?alt=json returned "Invalid push endpoint given (endpoint=https://example.org/push-handler). Refer to https://cloud.google.com/pubsub/subscriber#create for more information.">
Also, I'm unable to create subscriptions from Google's Pub/Sub developer console. When I try, I get back a "Subscription cannot be added" notification. I am the full owner of this topic and project, with read and write permissions. I'm able to add pull subscriptions with no problem.
Any ideas on why? It seems like I'm not the only one hitting this.
Figured it out. I included the protocol (https://example.org) in the domain verification, instead of just example.org. It would have been nice if the domain verification tool provided some validation preventing this.
https://console.developers.google.com/apis/credentials/domainverification

WSO2 Message Broker - Authorization

I am trying to implement an authorization mechanism on WSO2 Message Broker, but I am pretty new to WSO2 products. My goal is to implement MQTT topic authorization in the same manner as it is implemented for JMS topics. I am currently looking at the code in the "andes" repository and the "carbon-business-messaging" repository, and I would be very grateful if you could suggest where to start (that's a lot of code to look at).
What I want to do is to allow a particular user to publish/subscribe topics using the User Role permissions, so that even if someone connects to the Broker, he/she can't subscribe or publish without permission.
You can see how the authentication is happening in MQTT from here.
You can look at the following method in the ProtocolProcessor.java class. This is located in andes core.
processSubscribe(ServerChannel session, SubscribeMessage msg, String clientID, boolean cleanSession)
Also, to get an idea of how authorization is done in JMS messaging, you can refer to the AndesAuthorizationHandler.java class from here. This is located in the carbon-business-messaging repository.