Community Forum
Event webhook call digests not matching causing failed attempts
We are getting an issue on the webhook calls, where some requests are being authorized successfully and others not. We have determined that the issue occurs due to the request signature being passed in the request header from Root not matching the digest we generate on our end. This only happens sometimes, not constantly. We do have sample data if you need (not added due to sensitivity). On our end we consistently generate the digest in the same way for all incoming requests:
1. We take the incoming JSON object and serialize it to a raw JSON string.
2. We then create a HMACSHA1 with the webhook secret.
3. We compute the hash of the HMACSHA1 with the request body string (step 1), and convert it to a lowercase hex string, which gives us our digest.
4. We compare the digest to the request signature to determine if a request is Authorized.
This appears to be an issue with how the digests are being calculated when the calls are made from the Root back-end. This is happening in production often and in the sandbox much less so.
Any idea what this issue could be?
Posted by Ruaan Viljoen 11 months ago
Prepopulating application schema data
Hi,
After capturing the quote, I have the following (truncated) response from the `getQuote` hook:
```json
{
"quote_package_id": "115f1f1f-0870-49a6-8580-1197f1efb3d2",
"package_name": "OneSpark Essential Funeral",
"input_data": {
"commencement_date": "2023-04-01T00:00:00.000Z"
},
"product_module_definition_id": "b5389a08-94a2-4ed9-a9f9-7abe6d07668f"
}
```
On the application schema page (the page after the policyholder page). I'm trying to prepopulate the `commencement_date`. The relevant schema excerpt below:
```json
{
"key": "commencement_date",
"type": "date-picker",
"label": "Cover Start Date *",
"outputPath": "commencement_date",
"validators": [
{
"validation": {
"type": "required"
}
}
]
},
```
The way I'm interpreting the docs [here](https://docs.rootplatform.com/docs/schemas-overview#prefilling-schema-inputs) is that the `input_data` object should make the page prepopulate the commencement date, but this is not working. The only time the mechanism seems to be working is when I navigate back after capturing the application fields, but then the `input_data` is set on the application, and not coming from the quote anymore.
Please advise.
Thanks
Posted by Albert about 1 year ago
Policy not_taken_up webhook
Is doesn't look like there are any webhook events (not a not_taken_up, policy_updated or anything else) triggered when a policy's status is set to not_taken_up - is this correct? If so, can we log a request to have a webhook event for when a policy is set to ntu?
Posted by Hilgard van Rooyen about 1 year ago
Payment Create API :: What Events Are Triggered
Good day
We have started using the new [payments API](https://docs.rootplatform.com/reference/create-payment)
What is not clear is what events fire off of the different permutations of the payment object sent through successfully. What events/communications are fired for the following?
1. payment_type
1. premium_type
1. collection_type
Do we need to use collection_type = debit_order_* to fire off the debit order comms?
* If we do use a debit_order_* type other than comms are there any other things that happened (bear in mind this is for a payment being fed in where the product module is configured to external payments)?
Posted by Yair over 1 year ago
Mocking the 'root' object?
Hi,
In our unit-testing-code.js, we're trying to test some code which accesses a datastore, as in the example:
`await root.dataStores.store('data_store_key').find();`
Unfortunately, the `root` object is always undefined.
Am I failing to setup the test correctly?
Thanks
Posted by Albert over 1 year ago
status_updated_at field
Hi,
When [this](https://docs.rootplatform.com/docs/actions#mark-policy-not-taken-up) action occurs, can you confirm whether the `status_updated_at` field on the policy will be updated to the date of the event?
We have an example of an event where this is not the case. The issue on our side (consuming the `policy_updated` event via a webhook) is that we don't know whether that status was updated at the time of the event of previously some time in the past.
Thanks
Posted by Albert about 1 year ago
Scheduled root export
Hi team
I am trying to setup a scheduled report to upload onto an SFTP. I have done this in the past and it has worked. For one of my reports I am getting this error. Please can you assist.
sftpConnect: client-socket error. Address lookup failed for host sftp.italkholidings.co.za
I have checked and the address is correct.
Posted by Ricky over 1 year ago
Policy Document Helpers
Good day
We see that a new feature has been released to allow sending of a policy document URL via a handlebars helper: <https://docs.rootplatform.com/docs/handlebars-helper-reference#policy-document-helpers>
We wanted to understand it before we start exploring it
Can you please advise on these questions:
1. `Enable/Disable:` Do we need to enable it somewhere or ask Root support to? If we need to enable it how do we do this?
2. `Access:` once the document has been opened once can it be accessed again?
3. `Security:` is the only security the client's ID number or is there some sort of challenge response mechanism every time they open it? Is there a way to configure this?
4. `URL:` do we need to shorten the URL or is this handled already by using the helper?
5. `Product/Policy number and other variables in the name:` Do we need to target a specific product? Looking at a recent change after running the Root cli seems to have added some sort of policy number to the policy doc name in the Root config
6. `Notification:` What does this notification look like? The above docs mention a notification, not really sure if this is intended for the client or the insurer
7. `Revoke access:` is there a way to expire the link once it has been sent out?
8. `Cancelled/NTU:` can policies in an NTU/cancelled state still have their documentation accessed? Are there any other restrictions preventing access?
9. `Terms Document:` can terms be exposed this way (the docs don't mention it)? If so what value do we use? If not are there plans to expose this?
10. `Hook:` is there a webhook for this?
11. `Testing:` given there are only notifications in prod, what is the best way to test this feature?
Posted by Yair 11 months ago
Payments API: How to specify finalized_at
Good day
We see example payment responses where there is a field called `finalized_at`.
The create-async and update-async payment apis make no mention of this field.
How would we specify this field?
Posted by Yair over 1 year ago
Requote alteration
Hi,
Is there a way to customize the requote alteration hook? I want to validate whether the policy being requoted has a specific field already present, and if so, requoting should not be allowed to continue.
I see a lot of documentation mention the old deprecated requote hook, but none describing the new Requote alteration.
Thanks
Posted by Albert about 1 year ago