I have a scenario that passes payment information received from Mollie to Zoho: Mollie triggers a webhook in Make, Make enriches the information, and Make calls a Zoho webhook/API.
After the first call (for a certain payment) I am experiencing ‘replays’: Zoho receives exactly the same JSON a couple of times more. This looks like a replay attack to me, and I’m wondering what I can do to prevent this.
Thanks for your message. Yes, I checked the scenario history and I can see that the last scenario execution was at 17:17:48.
The Zoho webhook/API was called at 17:18:19. That’s OK. But it was called again at 17:53, 17:55 and 17:56, with exactly the same JSON being presented to the Zoho webhook/API.
Here’s a screenshot of the scenario to illustrate the enrichment. When Mollie calls the Make webhook, it only provides a payment link id. First there’s a sleep of 30 seconds to allow some time for Mollie to get it’s administration in order. Then, based on the payment link id, there’s a HTTP request to Mollie to get information about the payment. Following that, a HTTP request is done to Mollie to get information about possible refunds that were done. The result is then sent to Zoho by calling a Zoho webhook, and an informational row with data is added to a Google sheet.
I’m not sure how to prevent the seemingly replay attacks that take place after the initial call of the Zoho webhook.
What I can think of is:
adding a date/time field to the JSON so that Zoho can check whether it has already received the JSON recently
adding an MD5 hash based on the Amount fields to detect tampering with the numbers
Ok but is it the same webhook being received several times in a row? The entire scenario running again and again on the same data? Or is it one execution inside of which the Zoho module is being called several times?
If its the first case - you can store what was received already in a data store and then check if this was already processed. You can also check on Mollie’s side why its sending the same webhook several times in a row.
If its the second - send a screenshot of the execution history so we can see what is causing the retrigger.
So the scenario was executed (once) at 17:17:48 and at the end of the scenario a HTTP request for the Zoho webhook was done (once). Following that, out of the blue, the Zoho webhook was called another three times.
Yeah, 3 times, a couple of days ago it also happened a number of times. It’s a custom function configured as an API.
It’s a pity that Zoho doesn’t provide a log of incoming API calls specifying the originating IP-address.
Anyhow, I’m pretty sure that it’s a replay attack. I have created quite a few webhooks in Zoho and this is the first time that I’m experiencing this phenomenon.
I am now having Make create a MD5 hash for relevant fields and checking that in the Zoho function. This way allows me to detect illegitimate changes.
Hi, thanks for your message. The execution time of this scenario is cause for a large part by the 30 seconds sleep that I built in. This is necessary to allow Mollie some time to get it’s administration in order: at the time the scenario is triggered by Mollie, it appears that Mollie has it’s administration not yet in order: payment value fields that should be filled are still 0.00.
What is your goal?
What is the problem & what have you tried?
Error messages or input/output bundles
