Drives me crazy… why is there a key mismatch on the events sub?
2025-02-21 17:02:12 | - NEW RECORD ---------------->
2025-02-21 17:02:12 | Starting POST data processing…
2025-02-21 17:02:12 | Protocol: sha256
2025-02-21 17:02:12 | TW Incoming Payload Data: {“subscription”:{“id”:“8978d079-2b6c-4978-95ae-ed6cda59b*”,“status”:“enabled”,“type”:“stream.offline”,“version”:“1”,“condition”:{“broadcaster_user_id”:“93854***”},“transport”:{“method”:“webhook”,“callback”:“https://api.raidpal.com/eventsub/***"},“created_at”:“2025-02-20T21:04:58.897436485Z”,“cost”:0},“event”:{“broadcaster_user_id”:“93854624”,“broadcaster_user_login”:“slisthesn***”,“broadcaster_user_name”:"slisthesn***”}}
2025-02-21 17:02:12 | Result Array: Array
(
[0] => Array
(
[id] => 10753
[date] => 2025-02-21 12:22:50
[broadcaster_id] => 93854***
[secret] => ****
[subscription_type] => stream.offline
[status] => 2
)
)
2025-02-21 17:02:12 | Processing subscription.
2025-02-21 17:02:12 | Twitch signature: **
2025-02-21 17:02:12 | Our signature: ***
2025-02-21 17:02:12 | Signature mismatch, eventsub [id]: , requested subscription type: stream.offline
The usual fault here is you didn’t use the raw body to construct the sigurnature.
also you leaked your webhook secret and the webhook URL. Which is not ideal
$raw_twitch_signature = $headers[‘twitch-eventsub-message-signature’];
[$protocol, $twitch_signature] = explode(‘=’, $raw_twitch_signature, 2);
$twitch_message_id = $headers[‘twitch-eventsub-message-id’];
$twitch_event_timestamp = $headers[‘twitch-eventsub-message-timestamp’];
$our_signature = hash_hmac($protocol, $twitch_message_id . $twitch_event_timestamp .
$raw_data, $sub[‘secret’]);
log('Twitch signature: ’ . $twitch_signature);
log('Our signature: ’ . $our_signature);
And it differs…
PHP to confirm yes?
How is $raw_data collected?
You can compare to my PHP example twitch_misc/eventsub/webhooks/php/index.php at main · BarryCarlyon/twitch_misc · GitHub if that helps
Thanks Barry.
It worked before. Guess it is something else.
Can Twitch get overloaded by too much subs?
It doesnt kill the idles.
that would not have an affect on signature generation and verification
You are so fast.TY.
Subscription already exists, I try to create a new one and subscribe when it is created before.
On this, maybe I should delete the existing sub first on Twitch and then create a new one for this user.
Why are we trying to recrate the subscription when the issue is signature verification?
But yes to recreate the subscription with the same details will need the old one to be deleted first
edit: unless the sub is with a different webhook secret
In case we lost the original secret, we cannot reverse. We need to recreate w/ a new secret.
How do I get a list of subscriptions for a specific user?
I found this, and works fine!
$chs = curl_init(‘https://api.twitch.tv/helix/eventsub/subscriptions?user_id=’ . $sub[‘broadcaster_id’]);
curl_setopt($chs, CURLOPT_RETURNTRANSFER, true);
curl_setopt($chs, CURLOPT_POST, false);
curl_setopt($chs, CURLOPT_HTTPHEADER, $headers);
$rs = curl_exec($chs);
$is = curl_getinfo($chs);
curl_close($chs);
$rs_arr = json_decode($rs);
Now you get a list of the user’s subscriptions.
Everything works fine now @BarryCarlyon
Thanks again for your kind support!