Security error when calling external API via webhook

Question

I am attempting to call a 3rd party API via webhook and currently getting the following security-related error (Quickbase support provided me the logs containing the error)

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

From research this appears to be related to invalid/missing/mismatch certs. I was able to get the cert from the host system that is exposing the API- so the question now becomes if there is anyway for Quickbase to configure the cert on their side (if that's even relevant)

Quickbase support pointed me to the 'community' for input.

Thanks.

hhersch · Answer

Hi Scott. Does the other service have a valid SSL certificate? It is correct than Quick Base cannot officially support another endpoint but I'm happy to try and offer some guidance.

scottpugh · Answer

They refer to their cert as a 'wildcard cert'.&nbsp; &nbsp;I did export the cert and when viewing it does give messages like "Windows does not have enough information to verify this certificate"&nbsp; &nbsp; The endpoint I am trying to hit is a development system endpoint (not production).&nbsp; &nbsp; &nbsp; The challenge is that if I take the same parameters and request json into another tool like Postman I am able to successfully make the call without doing anything related to the cert.

hhersch · Answer

A wildcart cert is fine. If it is dev, it is possible they are using a self-signed certificate rather than coming from a trusted authority, which Quick Base will not be able to validate. It works fine from your local PC via Postman because there is no additional security check occurring there. If you run the domain against SSL Labs, what is the result? If you aren't comfortable sharing the domain publicly, let me know and I'll reach out to you via email (I found the case).

hhersch · Answer

Hi. I found the domain in the ticket and confirmed the certificate exists but is invalid for numerous reasons. For the security of everyone on the Quick Base platform, we are only able to connect to valid HTTPS endpoints that are properly secured. This protection helps to keep you and your data safe. I'd suggest reaching out to the service provider to see if they can install a proper certificate on that web server.

Feel free to let us know of other questions or concerns.

scottpugh · Answer

Harrison-&nbsp; Many thanks for your help.&nbsp; I will work with the provider to install a valid cert.Thanks again.

Forum Discussion

Security error when calling external API via webhook

Related Content

Secure Links for Instant Access and Full Control

Nesting URL API Calls in one Button

Tracking calls

Empower 2025, Call For Speakers and Date/Location Reveal

URL Formula Button w/ Two API Calls