Skip to main content
This guide shows you how to use ngrok to receive Autodesk Platform Services webhooks on your localhost app. By integrating ngrok with Autodesk, you can:
  • Develop and test Autodesk webhooks locally without deploying to a public environment or setting up HTTPS.
  • Inspect and troubleshoot requests from Autodesk in real time via the inspection UI and API.
  • Modify and replay Autodesk webhook requests with a single click instead of reproducing events manually in your Autodesk account.
  • Secure your app with Autodesk webhook validation provided by ngrok. Invalid requests are blocked by ngrok before reaching your app.

What you’ll need

1. Start your app

For this tutorial, you can use the sample Node.js app on GitHub. To install the sample, run the following in a terminal: 
git clone https://github.com/ngrok/ngrok-webhook-nodejs-sample.git
cd ngrok-webhook-nodejs-sample
npm install
Then start the app: 
npm start
The app runs on port 3000 by default. You can confirm it’s running by visiting http://localhost:3000. The app logs request headers and body in the terminal and shows a message in the browser.

2. Expose your app with ngrok

Once your app is running locally, you’re ready to put it online securely using ngrok.
The ngrok agent uses your authtoken to authenticate when you start a tunnel.
  • Start ngrok: 
    ngrok http 3000
  • Copy the URL ngrok displays. Your app is now exposed at that URL for use with Autodesk.

3. Configure Autodesk to send webhooks

Autodesk Platform Services can send webhook requests to your app when events occur. To register for those events:
  • Sign in to Autodesk Platform Services.
  • On the Platform Services page, click your avatar in the top-right, click Applications, then Create Application, enter a name in Name, and click Create.
  • In Client Credentials, copy Client ID and Client Secret for later use.
Click the eye icon to reveal Client Secret or use the copy icon.
  • In General Settings, paste the ngrok URL in Callback URL (for example, https://1a2b-3c4d-5e6f-7g8h-9i0j.ngrok.app).
  • In API Access, select Data Management API and Webhooks API, then click Save changes.
This tutorial uses Data Management as an example; you can select other APIs for different Autodesk services.
  • In a terminal, obtain an access token: 
    curl -v 'https://developer.api.autodesk.com/authentication/v1/authenticate' \
  -X 'POST' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials&scope=data:read'
    Replace CLIENT_ID and CLIENT_SECRET with the values you copied. Copy the access_token from the response.
  • Register a webhook with the Data Management API: 
    curl -X 'POST' \
  -v 'https://developer.api.autodesk.com/webhooks/v1/systems/data/events/dm.*/hooks' \
  -H 'Content-Type: application/json' \
  -H 'authorization: Bearer ACCESS_TOKEN' \
  -d '{
    "callbackUrl": "CALLBACK_URL",
    "scope": { "folder": "FOLDER_URN" },
    "hookAttribute": { "projectId": "PROJECT_ID" },
    "filter": "$[?(@.ext=='\''txt'\'')]"
  }'
    Replace ACCESS_TOKEN with your access token, CALLBACK_URL with your ngrok URL, FOLDER_URN with your Data Management folder URN, and PROJECT_ID with your project ID. The response should be HTTP/1.1 201.

Run webhooks with Autodesk and ngrok

Autodesk sends different requests depending on the event. For example, adding a file to a folder in Data Management triggers a webhook.
  • Open the folder you assigned to your webhook in Data Management, upload a text file, and confirm your localhost app receives a notification and logs both headers and body in the terminal.

Inspecting requests

ngrok’s Traffic Inspector captures all requests made through your ngrok endpoint to your localhost app. Select any request to view detailed information about both the request and response.
To avoid exposing secrets, accounts only collect traffic metadata by default. You must enable full capture in the Observability section of your account settings to capture complete request and response data.
Use the traffic inspector to:
  • Validate webhook payloads and response data
  • Debug request headers, methods, and status codes
  • Troubleshoot integration issues without adding logging to your app

Replaying requests

Test your webhook handling code without triggering new events from your service using the Traffic Inspector’s replay feature:
  1. Send a test webhook from your service to generate traffic in your Traffic Inspector.
  2. Select the request you want to replay in the traffic inspector.
  3. Choose your replay option:
    • Click Replay to send the exact same request again
    • Select Replay with modifications to edit the request before sending
  4. (Optional) Modify the request: Edit any part of the original request, such as changing field values in the request body.
  5. Send the request by clicking Replay.
Your local application will receive the replayed request and log the data to the terminal.

Secure webhook requests

ngrok can verify that incoming requests are from your Autodesk webhook so only that traffic reaches your app.
Webhook verification is limited to 500 validations per month on free accounts. If you need more, you can upgrade to Hobbyist or Pay-as-you-go. See TPU Pricing for details.
To add verification:
  • Register a webhook secret with the Autodesk API: 
    curl -X 'POST' \
  -v 'https://developer.api.autodesk.com/webhooks/v1/tokens' \
  -H 'Content-Type: application/json' \
  -H 'authorization: Bearer ACCESS_TOKEN' \
  -d '{ "token": "YOUR_WEBHOOK_SECRET" }'
    Replace ACCESS_TOKEN with your access token and YOUR_WEBHOOK_SECRET with a value you choose to sign each webhook request. The response should be HTTP/1.1 200.
  • Create a Traffic Policy file named autodesk_policy.yml. Replace {your client secret} with your Autodesk Client Secret: 
    on_http_request:
  - actions:
      - type: verify-webhook
        config:
          provider: autodesk
          secret: "{your client secret}"
  • Restart ngrok with the policy file: 
    ngrok http 3000 --traffic-policy-file autodesk_policy.yml
  • Upload a text file to the folder assigned to your webhook to trigger a request.
Your app should receive the request and log it in the terminal.