Hashicorp Cloud - Notification Configuration with Token

I am trying this out, but I could not figure out what format is required for the token.

My callback API requires

POST /v1/api/callback/<my_generated_id>/callback HTTP/1.1
Host: http://my.example.host.com
Authorization: Bearer bfa620013597e9c30c179037ad74527a4956a561
Content-Type: application/json
{
  "payload_version": 1,
  "notification_configuration_id": "nc-123",
  "run_url": "https://app.terraform.io/api/v2/runs/run-234",
  "run_id": "run-234",
  "run_message": "Add five new queue workers",
  "run_created_at": "2019-01-25T18:34:00.000Z",
  "run_created_by": "sample-user",
  "workspace_id": "ws-xyz",
  "workspace_name": "my-workspace",
  "organization_name": "acme-org",
  "notifications": [
    {
      "message": "Run Planned",
      "trigger": "run:completed",
      "run_status": "planned",
      "run_updated_at": "2019-01-25T18:37:04.000Z",
      "run_updated_by": "sample-user"
    }
  ]
}

And I tried registering with below payload but I get a 401 error.

POST /api/v2/workspaces/ws-xyz/notification-configurations HTTP/1.1
Host: app.terraform.io
Authorization: Bearer <my-terraform-cloud-token>
content-type: application/vnd.api+json
{
  "data": {
    "type": "notification-configurations",
    "attributes": {
      "destination-type": "generic",
      "enabled": true,
      "name": "My Integration",
      "token": "bfa620013597e9c30c179037ad74527a4956a561",
      "url": "http://my.example.host.com/v1/api/callback/1122334455/callback",
      "triggers": [
        "run:applying",
        "run:completed",
        "run:created",
        "run:errored",
        "run:needs_attention",
        "run:planning"
      ]
    }
  }
}

Response

{
    "errors": [
        {
            "status": "400",
            "title": "Verification Delivery Error",
            "detail": "Verification failed with the error: 401. Check that your URL is correct."
        }
    ]
}

It looks like your callback API is expecting a bearer token authorization header. Unfortunately, Terraform Cloud notifications do not support an authorization header on outbound requests.

The documentation you linked to uses a stored token to generate an HMAC signature of the request, which allows your callback API to verify that the notification came from your Terraform Cloud configuration. This would need to be implemented on your end to process the X-TFE-Notification-Signature header. This is different from bearer authentication.

Sorry that I don’t have an easy solution, but I hope you can modify your callback API to work with Terraform Cloud notifications!

I think the reason is the schema which you used on the receiver side.

When create the notification configuration in a workspace over API. Terraform Cloud sends test to the destination URL automatically.

Since most of the properties’ values are NULL in the testing payload, but all properties’ values are STRING in the actual payload, so the test fails if your JSON schema is for the actual payload.

I faced the same issue. Please try to use the following one:

{
“type”: “object”,
“properties”: {
“payload_version”: {
“type”: “integer”
},
“notification_configuration_id”: {
“type”: “string”
},
“run_url”: {},
“run_id”: {},
“run_message”: {},
“run_created_at”: {},
“run_created_by”: {},
“workspace_id”: {},
“workspace_name”: {},
“organization_name”: {},
“notifications”: {
“type”: “array”,
“items”: {
“type”: “object”,
“properties”: {
“message”: {
“type”: “string”
},
“trigger”: {
“type”: “string”
},
“run_status”: {},
“run_updated_at”: {},
“run_updated_by”: {}
},
“required”: [
“message”,
“trigger”,
“run_status”,
“run_updated_at”,
“run_updated_by”
]
}
}
}
}