Getting Webhook to work with drop entitlments

I’m trying to integrate drops into my indie game, but I’m currently having some issues connecting a webhook to the “Drop Entitlement Grant” hook.

I’ve gotten everything working with the CLI tool with the mock data that is fed, even the challenge succeeds so that isn’t an issue.

I’ll show you the typescript code I’m using to request the webhook.

export const subscribeTwitchHook = async () => {
  const options = {
    method: "POST",
    url: ``,
    headers: {
      "Client-ID": TWITCH_ID,
      Authorization: "Bearer " + (await getToken()),
      "Content-Type": "application/json",
    data: {
      type: staticVars.twitchHookTypes,
      version: "1",
      condition: {
        organization_id: TWITCH_ID,
      transport: {
        method: "webhook",
        callback: "",
        secret: TWITCH_SECRET,
      is_batching_enabled: true,

  try {
    const { data } = await axios(options);
    console.log(`Twitch hook subscription: ${JSON.stringify(data)}`);
  } catch (err) {

I’ll clarify that the webhook is over https on port 443, the auth token I’m using is a client auth token.

Additionally i will post my code that requests the auth token.

const getToken = async (): Promise<string> => {
  if (clientToken && clientToken.expires_in > {
    return clientToken.access_token;

  try {
    const response = await"", {
      client_id: TWITCH_ID,
      client_secret: TWITCH_SECRET,
      grant_type: "client_credentials",

    clientToken =;
    clientToken.expires_in = + clientToken.expires_in * 1000;

  } catch (err) {
    return "";

The error I receive when I try requesting the webhook is.

    data: {
      error: 'Forbidden',
      status: 403,
      message: 'subscription missing proper authorization'

Seems like my auth token is invalid or maybe I’m missing something in the options when requesting my client token. Can anyone point me in the right direction?

Your organization_id in the condition and the client_id you generate a token with appear to use the same constant of TWITCH_ID

The organization_id in the condition is obtained from the URL when looking at your org in the developer console I believe.

Yes you are correct, something I figured out last night rereading the docs.

Thank you for the reply!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.