I’ve been using EventSub webhooks on Twitch for several months to be able to respond to some things happening in chat. I recently decided to subscribe to some Channel Point events as well but the webhook_callback_verification fails every time now.
I can see the headers and body that Twich sends after I subscribe and I can see the challenge text. I send back headers “HTTP/1.1 200 OK”, “Content-Type: text/plain” and “Content-Length: ##” (whatever the length of the challenge text is" and then output the challenge text into the body of the response. This has worked with every previous subscription in the past, but now no longer works for anything I try to subscribe to, even the channels I’m already subscribed to. Did something change? Should I be doing something different?
My server is using PHP and I use header() to send each line of the header and echo() for the response text.
Nothing has changed.
Check you are using the correct secret for the subscription you created (ie when you made the HTTP POST call to request the subscription).
Check you are using the RAW POST body.
The request to subscribe goes through fine and when I receive the webhook verification test, it does obtain the raw post body using “php://input” and automatically checks authenticity by checking the signature sent vs using the secret, id, time, and body. The webhook is received flawlessly and authenticated, it’s just that Twich is having problems receiving my response, which should only be a status of 200 and the challenge text it sent with the webhook verification.
I do both of these, as my output log confirms, but the test fails somehow. I’ve confirmed that there are no extra space or anything printed anywhere in the response, it’s just the challenge text, exactly as it’s sent to me.
have you tried using the CLI to confirm that your endpoint is working as expected.
Is the request actually hitting your servers? Do you see it in access logs?
Is your SSL still valid and “real”/not self signed.
Are you behind cloudflare or other firewall solutions and they are blocking in error?
Since using PHP, is PHP correctly configured to supress any warnings/errors for production that might echo out to Web?
I have not tried using the CLI (it seems like there’s more steps involved in doing this than I expected).
My server is receiving the webhook, both headers and its body (note that all other subscribed webhooks still work flawlessly receiving data and then performing actions). SSL is still valid on my domain.
I do see on my latest attempt that the bytes returned to Twitch were 46 when the strlen() of the challenge text was 44, so there might be something extra happening somewhere? But there are no warnings/errors being echoed.
twitch event verify-subscription cheer -s "THESECRET" -F "https://yoururl/"
thats it to test your endpoint
If so thats on you/yourside there.
An errant ok being output?
✗ Invalid response. Received 394662dc-0474-bbd2-9a43-5bfd41434505 as body, expected 394662dc-0474-bbd2-9a43-5bfd41434505
Installed CLI and tested. I’m not sure exactly what’s happening here. Might just be an extra space somewhere, but I can’t seem to locate where one would be coming from
CLRF/line or other hidden char?
Like you save the file and accientally put
<?php
This only effects challenge requests, hence you existing subs still ticking coz they get the a 2xx don’t care about the body for “data sending requests”
Valid response. Received challenge 45af81bb-4bd5-645c-b2e5-937f635296a9 in body
Valid content-type header. Received type text/plain with charset UTF-8
Valid status code. Received status 200
I had an include file at the very top of my PHP file that SHOULDN’T have printed anything to the body, but for some reason, it does. I’ve moved it to the location where the inlcude is actually needed, as it’s not needed with every request, that seems to have solved it!
Thanks for accompanying me on this journey lol
Testing actual eventsub subscription: “status”: “enabled”