
I'm setting up a Flask app on Heroku to set up webhooks for phishing certificates, pulling from Facebook's certificate transparency API. I am trying to get past Facebook's verification requests (Facebook sending a GET request asking for hub.challenge); however, I do not understand how to give them the required information. Before suggesting I use Facebook's prebuilt Heroku app: I am doing this to learn.

I tried looking up more information on GET requests; however, this hasn't helped me solve this problem.

This is Facebook's website on this: https://developers.facebook.com/docs/graph-api/webhooks/getting-started#verification-requests

@app.route("/facebook", methods=['GET', 'POST'])
def get_facebook():
    if request.method == 'GET':
        # mode, challenge, verify_token: not sure what to put in here
        pass
djnz

1 Answer

After reviewing the docs, a few pointers:

  • You'll receive the request as a GET, so you won't need the 'POST' value in methods
  • The values sent from Facebook will be request args, and can be accessed using request.args.get('e.g.')
  • Facebook is expecting an int to be returned, which is up to you to decide what this is.

The result (disclaimer: this is untested!):

import datetime
from flask import Flask, jsonify, request

app = Flask(__name__)

@app.route("/facebook", methods=['GET'])
def get_facebook():
    my_token = 'abc123' # The token you set up on the App dashboard

    if request.args.get('hub.verify_token') == my_token:
        # The token is valid, return the (current datetime as an int)
        # Assuming facebook is expecting a JSON result value
        return jsonify({'hub.challenge': int(datetime.datetime.now().timestamp())})

    return 'invalid', 403
djnz
  • So you actually return request.args.get('hub.challenge') instead of your own int, makes sense. –  Jun 18 '19 at 13:21
  • The function is returning a JSON object with the key 'hub.challenge', and the value of the current datetime (as an int). I'm not sure if this is what Facebook will accept, however; you'll have to test. – djnz Jun 18 '19 at 22:02
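
A verification handler that echoes hub.challenge back as the response body, which is what the first comment above arrives at and what the linked verification-requests documentation asks for. This is an added example, not code from the answer or from Facebook; the FB_VERIFY_TOKEN variable name, the create_app factory and the sample values are assumptions.

```python
import hmac
import os


def verify_subscription(args, expected_token):
    """Return (body, status) for a webhook verification GET.

    args is any mapping with .get(), for example Flask's request.args.
    """
    mode = args.get("hub.mode")
    token = args.get("hub.verify_token") or ""
    challenge = args.get("hub.challenge")

    # Refuse to verify if no token is configured; otherwise an empty
    # expected token would match an empty supplied one.
    if not expected_token:
        return "verify token not configured", 500
    if mode != "subscribe" or challenge is None:
        return "bad request", 400
    # Constant-time comparison so response timing does not leak the token.
    if not hmac.compare_digest(token.encode(), expected_token.encode()):
        return "invalid", 403
    # Echo the challenge back unchanged, only after the token has matched.
    return challenge, 200


def create_app():
    # Flask is imported here so verify_subscription can be tested without it.
    from flask import Flask, request

    app = Flask(__name__)

    @app.route("/facebook", methods=["GET"])
    def get_facebook():
        # FB_VERIFY_TOKEN is an assumed name, e.g. a Heroku config var.
        body, status = verify_subscription(
            request.args, os.environ.get("FB_VERIFY_TOKEN", ""))
        # Plain text, so the echoed value is never rendered as HTML.
        return body, status, {"Content-Type": "text/plain; charset=utf-8"}

    return app


# Constructed sample query, shaped like a verification request.
SAMPLE = {"hub.mode": "subscribe", "hub.verify_token": "abc123",
          "hub.challenge": "1158201444"}

if __name__ == "__main__":
    print(verify_subscription(SAMPLE, "abc123"))
```

Keeping the token in an environment variable rather than in the source keeps it out of the repository pushed to Heroku.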