I’ve been working on some Webhook iterations with HipChat.  What’s frustrating is that registered webhooks cannot be used with HTTP Basic Auth.

What is Basic Auth?  That’s simply using some username and password to protect a URL.  Remember the URL pattern (defined hella years ago?).

http://user:pass@host/path?query#fragment

Well, try that with HipChat – it just doesn’t work

Here’s some POST and Responses I captured between my API and HipChat.

POST /v2/room/edoceo/webhook HTTP/1.1
User-Agent: Edoceo Radix HipChat Interface
Accept: */*
Authorization: Bearer XXXXX
Host: api.hipchat.com
Content-Type: application/json
Content-Length: 125

{
 "name":"BrokenShit",
 "event":"room_message",
 "pattern":"!epic fail",
 "url":"http://base:auth@onxdoy.com/api/hook/hipchat"
}

And here’s the response, indicating an issue with the URL.

HTTP/1.1 400 Bad Request
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Mon, 06 Oct 2014 03:03:50 GMT
Server: nginx
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 97
X-Ratelimit-Reset: 1412564640.0
Content-Length: 115
Connection: keep-alive

{
 "error": {
  "code": 400,
  "message": "Field url must be an absolute URL",
  "type": "Bad Request"
 }
}

And the same request, just removing the little HTTP auth from the URL I’m trying to hook.

POST /v2/room/edoceo/webhook HTTP/1.1
User-Agent: Edoceo Radix HipChat Interface
Accept: */*
Authorization: Bearer XXXXXX
Host: api.hipchat.com
Content-Type: application/json
Content-Length: 106

{"name":"BrokenShit2","event":"room_message","pattern":"","url":"http://onxdoy.com/api/hook/hipchat"}

And the response, which indicates success.

HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Mon, 06 Oct 2014 03:03:51 GMT
Location: https://api.hipchat.com/v2/room/edoceo/webhook/191632
Server: nginx
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 96
X-Ratelimit-Reset: 1412564640.0
X-XSS-Protection: 1; mode=block
Content-Length: 90
Connection: keep-alive
 
{"id": 191632, "links": {"self": "https://api.hipchat.com/v2/room/edoceo/webhook/191632"}}