Webhook Verification Failed

  • 1
  • Problem
  • Updated 5 months ago
  • Solved
  • (Edited)
I'm trying to 'verify' a webhook URL and it doesn't seem to work.
  •  I'm using ngrok
  • I verified with hurl.it that my response contains the sent validation-token


The response I get back when clicking on the 'verify' button in the dev console is about the validation token:

  1. message:"BOT_WEBHOOK_VERIFY_ERROR_VALIDATION_TOKEN_ERROR"
  2. status:"FORBIDDEN"

Any idea on how to fix it?
Photo of Mg

Mg

  • 180 Points 100 badge 2x thumb

Posted 5 months ago

  • 1
Photo of Tyler Long

Tyler Long, Official Rep

  • 6,288 Points 5k badge 2x thumb
Where do you get the validate token? It should be identical to the validation token in request header.

And please don't use verification token as validation token.
Photo of Mg

Mg

  • 180 Points 100 badge 2x thumb
Hi Tyler, yes, it's the same as the one in the header. 

The code I used is pretty simple, it's a simple endpoint that just reads and add the verification token to the request header.

I printed the request + headers to be certain. Here's an example:

POST HTTP/1.1
Content-Length: 0
Validation-Token: AZ9VQGL4VUNZ
User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_121)
X-Forwarded-Proto: https
Host: xxxxxx.ngrok.io
X-Forwarded-For: 999.999.999.999
Accept-Encoding: gzip,deflate
Verification-Token: 1balEEpx08pgopU6wLkGskflb0JInjm0


The tokens seem to be the same in the request and in the response's header.
(Edited)
Photo of Tyler Long

Tyler Long, Official Rep

  • 5,996 Points 5k badge 2x thumb
You are using verification toke as validation token.

Validation-Token: AZ9VQGL4VUNZ    vs.   Verification-Token: 1balEEpx08pgopU6wLkGskflb0JInjm0

Do you see the difference?
Photo of Mg

Mg

  • 180 Points 100 badge 2x thumb
Ah, indeed, that was the problem. Thanks!