Reputation: 5603
I have created a webhook using Fluidsurveys which corresponds to this controller:
    class HooksController < ApplicationController
      skip_before_filter :verify_authenticity_token

      def response_created_callback
        # If the body contains the score parameter...
        if params[:_completed].present?
          # Create a new Response object based on the received parameters...
          response = FluidsurveysResponse.new(:completed => params[:_completed])
          response.invite_email = params[:_invite_email]
          response.locale = params[:_locale]
          response.key = params[:_key]
          response.webhook = params[:webhook]
          response.survey_name = params[:survey_name]
          response.username = params[:_username]
          response.weighted_score = params[:_weighted_score]
          response.completion_time = params[:_completion_time]
          response.ip_address = params[:_ip_address]
          response.num_responses = params[:num_responses]
          response.survey_id = params[:survey_id]
          response.invite_name = params[:_invite_name]
          response.language = params[:_language]
          response.referrer = params[:_referrer]
          response.fs_created_at = params[:_created_at]
          response.fs_updated_at = params[:_updated_at]
          response.survey_url = params[:survey_url]
          response.fs_id = params[:_id]
          response.collector_id = params[:_collector_id]
          response.comment = params[:Comment]
          response.nps_score = params[:NPSScore]
          response.save!
        end

        # The webhook doesn't require a response but let's make sure
        # we don't send anything
        render :nothing => true
      end
    end
The webhook seems to work fine, as I see this in my logs:
2014-01-20T13:49:01.231772+00:00 app[web.1]: Started POST "/hooks/response_created_callback" for 184.107.171.218 at 2014-01-20 13:49:01 +0000
2014-01-20T13:49:01.327989+00:00 app[web.1]: Processing by HooksController#response_created_callback as */*
2014-01-20T13:49:01.328149+00:00 app[web.1]: Parameters: {"_invite_email"=>"N/A", "_locale"=>"298", "_updated_at"=>"2014-01-20 13:49:00.738850", "_language"=>"en", "_key"=>"b5ec09680a4274cec0052d4049bec338a906e5b8", "webhook"=>"event", "survey_name"=>"Test", "_referrer"=>"http://fluidsurveys.com/surveys/marketing/test-nps-for-dc/", "_username"=>"marketing", "survey_url"=>"http://fluidsurveys.com/surveys/marketing/test-nps-for-dc/", "_id"=>"39164209", "_created_at"=>"2014-01-20 13:49:00.243640", "_weighted_score"=>"0.0", "_completion_time"=>"00:00:00", "_completed"=>"1", "_ip_address"=>"66.192.31.1", "yptmAoJw6i"=>"Detractor: 0", "num_responses"=>"261", "survey_id"=>"263692", "_extra_info"=>"weighted_score", "_invite_name"=>"N/A"}
2014-01-20T13:49:01.369963+00:00 app[web.1]: Completed 401 Unauthorized in 41ms
As you can see, the post gets made to the right controller action. The route is set up correctly, but I get a 401 error. I don't understand what authentication needs to happen here... The params are getting passed to the controller, and in my mind I see no need for my app to authenticate anything. It receives a request, does what it's told, and then it's done.
What am I missing here that is causing the 401 error?
After removing skip_before_filter :verify_authenticity_token from my controller, I get this error:
Can't verify CSRF token authenticity
2014-01-20T16:07:12.222512+00:00 app[web.1]: Completed 422 Unprocessable Entity in 28ms
2014-01-20T16:07:12.225905+00:00 app[web.1]:
2014-01-20T16:07:12.225905+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
Upvotes: 2
Views: 2271
Reputation: 5603
The issue is that I am using devise for user authentication, and my app was blocking the post request because there were no authentication credentials being passed to my controller.
By adding this line to my controller I solved the issue:
    skip_before_filter :verify_authenticity_token, :authenticate_user!
Upvotes: 4
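With both filters skipped, the action shown above accepts a POST from any client that can reach the route. The following is an added example, not code from the original posts and not Fluidsurveys' documented mechanism: a plain-Ruby stand-in for the action that checks a shared secret and copies only known parameters. The `token` query parameter, `WEBHOOK_TOKEN`, `PERMITTED`, `secure_equal?` and `handle_webhook` are all hypothetical names; the sample request is constructed from the log line in the question.

```ruby
require 'openssl'

# Hypothetical shared secret. Assumed setup: it is loaded from the environment
# and appended to the callback URL registered with the survey service,
# e.g. /hooks/response_created_callback?token=...
WEBHOOK_TOKEN = 'constructed-sample-token-0123456789'

# Parameter names taken from the log line in the question.
PERMITTED = %w[_completed _invite_email _locale _key webhook survey_name
               _username _weighted_score _completion_time _ip_address
               num_responses survey_id _id _collector_id].freeze

# Timing-safe comparison: HMAC both values under a fresh random key, so the
# final == compares fixed-length digests that reveal nothing about where the
# caller's guess first differs from the secret.
def secure_equal?(given, expected)
  key = OpenSSL::Random.random_bytes(32)
  sha = OpenSSL::Digest.new('SHA256')
  OpenSSL::HMAC.digest(sha, key, given.to_s) ==
    OpenSSL::HMAC.digest(sha, key, expected.to_s)
end

# Stand-in for the controller action. Returns [HTTP status, attributes to
# store]; attributes are nil when nothing should be saved.
def handle_webhook(params, expected = WEBHOOK_TOKEN)
  token = params['token'].to_s
  return [401, nil] if token.empty? || !secure_equal?(token, expected)
  return [200, nil] if params['_completed'].to_s.empty?

  # Copy only known keys, so unexpected parameters never reach the model.
  [200, params.select { |name, _| PERMITTED.include?(name) }]
end

# Constructed sample request, using values from the question's log line.
SAMPLE = {
  'token' => WEBHOOK_TOKEN, '_completed' => '1', 'survey_id' => '263692',
  '_id' => '39164209', 'yptmAoJw6i' => 'Detractor: 0'
}.freeze

if __FILE__ == $PROGRAM_NAME
  p handle_webhook(SAMPLE)
  p handle_webhook(SAMPLE.merge('token' => 'wrong'))
end
```

In a Rails controller the same check would run in a `before_filter` on the webhook action only, leaving `authenticate_user!` in force everywhere else.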