I thought the above access token request will make it easier for me to generate access token as cloudfare blocks selenium logins, so whatsapp notification for approval is acceptable alternative where server will send the request and we have to just approve via whatsapp.
{“status”:“error”,“errors”:[{“errorCode”:“UDAPI10000”,“message”:“This request is not supported by Upstox API”,“propertyPath”:null,“invalidValue”:null,“error_code”:“UDAPI10000”,“property_path”:null,“invalid_value”:null}]}
Could you please help how to make the above flow working, how to get whatsapp notification to approve the request and streamline the login process.
Thanks it makes sense to add content-Type missed it, how to locally provide the notification url, should i use ngrok or you have some better recommendation, basically what I want is to trigger the request locally and approved via whatsapp and get access token locally before deploying to the server.
as it fails with invalid
“message”:“Invalid notifier url”
You can certainly use tools like ngrok, but it must comply with our organization’s firewall rules. Otherwise, it may be blocked for security reasons, and you won’t receive any updates.
If your goal is just to inspect the received webhook payload, you can use online tools like Webhook.site.
Thanks for this i tested with webhook.site it works.
But for server I have purchased a domain, now my only concern is how to secure it, because people can figure out that a particular endpoint is available for any POST. do you have specific ips that i can whitelist, although I will make the url totally random and unpredictable but you never know as it is on internet and i am not an expert of security practices related related to reverse proxy. although i will only allow POST to that endpoint and disable rest of the endpoint except index.html.
any suggestions, because I believe due to this webhook security of entire VPS might be at risk as I am accepting incoming connections due to this webhook setup.
Need help I am stuck with this as I am not receiving the access token, the endpoint works for my site and it is having certs. So not sure why not receiving any access token requests from your end, my reverse proxy logs does not show any activity from your end after I approve the access token request through Whatsapp.
@athma_prathisti It looks like this is a newly registered domain that our firewalls have flagged as suspicious.
Is there a specific reason for the random number in the domain name? If possible, I suggest using a more structured alphanumeric domain and give it for whitelisting.
Numeric domains are cheaper to get, why would I purchase a costlier domain for this. Please whitelist this domain as I purchased it for very long term.
I had no intention of purchasing any domains but I think most of the vendors will follow your approach, Hence thought of purchasing one domain for all.
Please be advised that, according to protocol, we do not make system changes during market hours to prevent any errors (this change is not at Cloudflare but in the firewall). Rest assured, your request will be processed by the end of the day (EOD).