'x-hub-signature' header missing in webhook verify request

I’m implementing webhooks subscription flow using Node.js (koa@2). Everything works fine, though I’m not able to receive an ‘x-hub-signature’ header in verification request from Twitch. My request (using Postman):

curl -X POST \
  https://api.twitch.tv/helix/webhooks/hub \
  -H 'Client-ID: <client-id>' \
  -H 'Content-Type: application/json' \
  -d '{
	"hub.mode": "subscribe",
	"hub.topic": "https://api.twitch.tv/helix/streams?user_id=<user-id>",
	"hub.callback": "https://<url>.ngrok.io/wh/<user-token>",
	"hub.lease_seconds": "864000",
	"hub.secret": "<secret>"

As you can see, I’m using ngrok to tunnel requests to my localhost. This request resolves successfully and triggers verification request from Twitch to my /wh endpoint. It produces a valid query string:

GET /wh/<user-token>?hub.challenge=LK809Zt7ylQm-JwXe6a1_4PC9n-B7c9MG0KXK8WW&hub.lease_seconds=864000&hub.mode=subscribe&hub.topic=https%3A%2F%2Fapi.twitch.tv%2Fhelix%2Fstreams%3Fuser_id%3D<user-id>

But headers doesn’t contain ‘x-hub-signature’. Am I missing something?

The signature is just for the payload you receive with a POST request on an actual event on that topic.

The GET verify request doesnt have any signature you need to check instead you just echo back the challenge as plain text without any quotes or sth else.

Of course if you wish to do some checks on this, you could cache the topics you requested and check against that list on a GET verify request to cross check if its one of the topics you want if not just cancel the subsciption flow

Thank you for a quick response! Thats my miss then…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.