Insecure report URL from report API callback

Braian_Pita · December 27, 2023, 4:49am

Hi,

I have setup a workflow for sending automated reports that is as follows:

A “Generator” workflow that gets a specific dashboard and send a request to “https://api.losant.com/dashboards/{{APP_ID}}”
with the following body:

{
  "callbackUrl":"{{MY_CALLBACK}}",
  "subject": "Dashboard Report",
  "message": "Monthly Report",
  "time": {{data.now}},
  "theme": "light",
  "timezone": "America/Chicago",
  "locale": "en-us",
  "branded": false,
  "ctx": {
    "experienceUser" : "{{data.experienceUser.id}}",
    "deviceId": "{{data.device.deviceId}}"
  }
  
}

This sends a request to generate a report and then it sends the result to “MY_CALLBACK” url. This URL is a losant webhook which triggers another workflow. In this workflow I send an email using “{{data.body.downloadUrl}}” as my url for the report.

Everything works great, except for one issue: The report url it generates is of the format “http://url803.mydomain.com/ls/click?upn={{random string}}” which is an insecure URL, which causes the browser to warn you when you try to download it from the email.

Am I doing something wrong, or should I be doing this on a different way? I need to follow this workflow to be able to use SendGrid, and I can’t seem to be able to find an option on the schema to get an https download URL.

This is the reference schema for the send report API:
Dashboard Send Report Schema | Losant Documentation

Dylan_Schuster · December 27, 2023, 2:26pm

You’re saying that the URL to the report that is provided in the body of the callback request to the webhook is in an insecure format? For me - and as I would expect for all users - this is of the format https://storage.google-apis.com/....

If so, I will have to investigate further. If not that property, can you clarify where this is coming from? A screenshot of your workflow and the URL where it is appearing would help.

Braian_Pita · December 30, 2023, 2:56am

Thank you for your response,

After investigating further I realized that I indeed get a link of this format in the workflow. The issue was when I send the emails with the sendgrid block. By default, sendgrid has tracking enabled for URL clicks. They would rewrite the urls in http unless you enable SSL for this. Here is some extra information about it:
Enabling SSL for Click and Open Tracking for Your Account – SendGrid - support.sendgrid.com/

Thank you for the help!

Topic		Replies	Views
Send dashboard report using HTTP Bug Report dashboard , http	4	491	February 16, 2022
How to create a custom report Help dashboard , workflow	3	180	October 24, 2023
Exporting data to an URL Help workflow	4	308	July 21, 2022
[Solved] Lost access to data even though I didn't change anything Help dashboard , workflow	17	951	May 31, 2019
Webhook payload to dashboard Help dashboard , workflow	2	967	September 21, 2020

Insecure report URL from report API callback

Related Topics