Webhook for smartthings not reachable

frakman1 · March 6, 2024, 4:15am

I ran into the same problem and although these posts helped point me in the right direction, my solution was slightly different.

TLDR; I had to change the Security Level under Security->Settings from “I’m Under Attack!” to “Medium” (I didn’t try any of the other levels)

Some background:
Once I got the personal access token from the SmartThings page, I used it in the Home Assistant Integration setup and got an error in the UI like: SmartThings could not validate the webhook URL…
In the logs:

ERROR (MainThread) [homeassistant.components.smartthings.config_flow] API error setting up the SmartApp: 
{'requestId': 'xxx', 'error': {'code': 'ConstraintViolationError', 'message': 'The request is malformed.', 'details': 
[{'code': 'TargetNon200Error', 'target': 'https://homeass.xxx.com/api/webhook/xxxxx', 
'message': 'Target did not respond with a 200 status. Upstream status code=403', 'details': []}]}}

In CloudFlare, I traced it to this error under Security->Events:

The Action taken of ‘Managed Challenge’ was tripping Home Assistant up. I already tried disabling the Bot Fight Mode and tried adding a WAF Skip rule matching the /api/webhooks path but that didn’t work. It turned out that the ‘Security Level’ Service was kicking in and that comes in before the custom rules added in WAF.

It was not clear from the ‘Traffic Sequence’ box on the right where this came in but apparently it supercedes everything. When I went under Security->Settings, the first entry was for Security Level and changing that fixed it:

baldunderwear · March 14, 2024, 8:09pm

Was cloudflare! Thanks for the post. Fixed my issue.

alexit84 · April 1, 2024, 8:55am

Hello everyone,
I had the same issue and I tried every hits here without any luck, before finding my own one.
I have my own domain and SSL, issued by third party. No Cloudflare.

In my cause it was a TLS/SSL validation issue

First I checked on SSL Certificate Checker - Diagnostic Tool | DigiCert.com. It said my TLS chain could be not totally trusted by everyone
I found this How to Install SSL Certificate on NGINX Server which pointed me out to the right direction: creating a crt bundle, merging SSL domain certificate and intermediate + CA certificate in a single fullchain.pem cert file
I updated the new fullchain.pem file on my HA and rebooted
Smarthings registration could be finally be completed!

Hope it could help someone else.

Alain_Raymond · April 14, 2024, 6:58pm

Hi, I recently added some country restrictions on cloudflare and just found that this was why smartthings stopped working. May I ask you how you can add this /api/webhook exception to my WAF rule on cloudflare?

edit:
NVM, I think I figured out.

JaCh0o · May 28, 2024, 11:05pm

Same here. Currently got public ddns thru synology.me with reverse proxy. For now I can access remotely to main page but can’t to /api/… can some tell me should I add additional settings there? Already added external and internal IP

h2GLcRo4lmlC · July 1, 2024, 8:01am

I tried all the suggestions from previous replies and didn’t work and started looking at my cloudflare config after reading this one. Turns out I had to lower the minimum TLS version from 1.3 to 1.2 and then it worked.

ch.huber.89 · July 26, 2024, 3:59pm

Hello.

I am unfortunately not very well informed about the settings, what have you changed on the Synology NAS?

Lucas_Rey · August 18, 2024, 7:06am

DAMN! After several days I figured out what was the problem thanks to your post. In my case I created a WAF rule on Cloudflare who accepts only connection coming from my country. I had to temporary disable that rule as Smartthings connection is coming from Ireland. THANK YOU!

ncp1113 · September 1, 2024, 3:35pm

This is the only thing that works!!! Other examples of external_url did not tell me to put in the port. Thanks for pointing that out.

Steph21 · September 26, 2024, 8:34pm

Thank you so much. It is working. I was just missing the “:8123” for external

feci2048 · October 18, 2024, 3:37pm

I had this issue, but in a slightly different setup. I run Home Assistant as docker container. I have a DDNS domain name, the router forwards the external port to an internal apache2 site (where the Let’s encrypt certificate is installed), apache2 strips the TLS and proxies it to the home assistant docker instance on port 8123 (without TLS). The issue in my case was:

ERROR (MainThread) [homeassistant.components.http.forwarded] A request from a reverse proxy was received from 172.30.0.1, but your HTTP integration is not set-up for reverse proxies

After adding the IP to configuration.yaml as:

http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.0.1

I was able to set up the Smartthings integration.

ward0 · November 16, 2024, 6:22pm

Same question, did you find a solution?

andrew-rinato · November 24, 2024, 6:36pm

this was it for me! thanks!

Pandabeer40 · December 8, 2024, 8:36pm

I’m also looking for this! I have reverse proxy on port 444 - so my external https address looks like:

https://xxxx.xxxxxxxxxx.synology.me:444 - acces from outside works like a charm, but running SmartThings on Home Assistant running on VM Synology gives errors on webhook

cisco · December 20, 2024, 9:28pm

Same here, reverse proxy on a different port. (bit different in my case, using 2 synology on my network, running HA on one but the reverse proxy has been done from the other one, everything managed well in the firewall settings on the synos, also on my udm pro se as well)
External access also working good but I can not figure out how can I make smart things integration run.
Tried many different workarounds, still the same.
‘Smartthing could not validate the webhook URL’

Do somebody has an idea? What can I do to make this work?