Account Activity API - Create Webhook Issue

oauth
api
webhooks
account-activity

#1

Hey all,

A week ago I started working with Account Activity API, already got access in January.
I’ve had almost every possible error: 261, 89, 215

EDIT:
I found this Node JS version, everything works just fine with that, i test it out and im able to set the webhook up.
I tried to rewrite the same call in ruby but i just canno get it working there, anyone who has done it?

GITHUB - twitterdev/twitter-webhook-boilerplate-node

**/helpers/auth.js**
auth.twitter_oauth = {
  consumer_key: nconf.get('TWITTER_CONSUMER_KEY'),
  consumer_secret: nconf.get('TWITTER_CONSUMER_SECRET'),
  token: nconf.get('TWITTER_ACCESS_TOKEN'),
  token_secret: nconf.get('TWITTER_ACCESS_TOKEN_SECRET')
}
auth.twitter_webhook_environment = nconf.get('TWITTER_WEBHOOK_ENV')

**/routes/webhook.js**
var request_options = {
	url: 'https://api.twitter.com/1.1/account_activity/all/' + auth.twitter_webhook_environment + '/webhooks.json',
	oauth: auth.twitter_oauth,
	headers: {
		'Content-type': 'application/x-www-form-urlencoded'
	},
	form: {
		url: req.body.url
	}
}

return request.post(request_options)

This is my ruby version, what do i forgetting there?

oauth = {
  consumer_key: ENV["TW_CONSUMER_KEY"],
  consumer_secret: ENV["TW_CONSUMER_SECRET"],
  token: ENV["TW_CONSUMER_KEY"],
  token_secret: ENV["TW_CONSUMER_SECRET"]
}

url = "https://api.twitter.com/1.1/account_activity/all/env-beta/webhooks.json"
body = "url=https://29a44f00.ngrok.io/twitter/webhook"
headers = {
  "Content-Type": "application/x-www-form-urlencoded",
  "Authorization": oauth
}
response = HTTParty.post(url, body: body, headers: headers)

I also tried to to run auth with "Authorization": "Bearer token" trough /oauth2/token request, but that also didn’t worked.

Thanks a lot for any help and suggestions. @andypiper


#2

Hey @andypiper, you helped me with a problem last week. Its SO difficult to get someone from @TwitterDev or the support team to help.

Can you please take a look at this above or someone from your team take a look to offer some direction??


#3

Take a look at the Snowbot example - that is implemented in Ruby and may provide some clues for you. The only thing is that you’ll need to adapt it to use the All Account Activity API (it currently uses the Direct Message only API).


#4

Thanks for that ruby example… @andypiper
I was able to get the pieces i need from there, get authentication and also get webhook config returned as empty array, but set up webhook still wont work…

2.4.1 :001 > TaskManager.new.set_webhook_config('https://304b0c2c.ngrok.io/webhook/twitter')
Setting a webhook configuration...
POST ERROR occurred with /1.1/account_activity/all/env-beta/webhooks.json?url=https://304b0c2c.ngrok.io/webhook/twitter, request:
Error code: 401 #<Net::HTTPUnauthorized:0x007f96aa24b498>
Error Message: {"errors":[{"code":32,"message":"Could not authenticate you."}]}

Does it have to do something with oauth, tokens or crc?


#5

Hi there,
I doubt this is a CRC issue, as that error explicitly indicates when your CRC response is too slow/not formatted correctly.

When you are setting the webhook, are you including both the consumer key/secret in addition to the user access keys/secrets? If not, please try that using the user access tokens generated for the app you are using to authenticate.

Hope that helps!


#6

Thanks for a response, a wasnt including it at all. @snowman
When i was testing that Node JS example there wasnt any authentication at all.
What the auth object should look like with the user token and secret?

#<OAuth::AccessToken:0x007f837d9fb660 @token="", @secret="", @consumer=#<OAuth::Consumer:0x007f837d9fb7c8 @key="", @secret="", @options={:signature_method=>"HMAC-SHA1", :request_token_path=>"/oauth/request_token", :authorize_path=>"/oauth/authorize", :access_token_path=>"/oauth/access_token", :proxy=>nil, :scheme=>:header, :http_method=>:post, :debug_output=>nil, :oauth_version=>"1.0", :site=>"https://api.twitter.com/"}>, @params={:oauth_token=>"", :oauth_token_secret=>""}>

This is what the object look like after getting api access.
I tried to change those variables to user token and secret but i get same result:

@keys['access_token'] = user_token
@keys['access_token_secret'] = user_secret

Is there any example how the whole object should look like? Because it seems like everyone one is using Enterprise access and its completely different.


#7

Thanks for you response


#8

I’m trying to do both page and user token/secret while get_api_access:

	def get_api_access
		consumer = OAuth::Consumer.new(@keys['consumer_key'], @keys['consumer_secret'], {:site => @base_url})
		token = {:oauth_token => @keys['access_token'],
		         :oauth_token_secret => @keys['access_token_secret']
		}

		@twitter_api = OAuth::AccessToken.from_hash(consumer, token)
	end

Both returning error: “code”:32,“message”:"Could not authenticate you."


#9

@andypiper

But seriously…what do we even do with all these tokens? which ones do we need? which ones do we use? I mean, this is incredibly confusing. We auth with facebook => one key, one token. We auth with Slack => one key, one token. We auth with almost anyone, that’s the case.
What do i do with this response when I’m trying to POST/create a webhook? I don’t understand at all. Anyway to do a 5min live chat? I feel like we could clear this up quickly if me, @BeGleameeCom and your team could live chat for a couple mins…

{"base_url":"https://api.twitter.com/","uri_path":"/1.1/account_activity/all/env-beta","keys":{"consumer_key":"XXXXXXXXXXXXXXXXXXXXX","consumer_secret":"XXXXXXXXXXXXXXXXXXXXX","access_token":"XXXXXXXXXXXXXXXXXXXXX","access_token_secret":"XXXXXXXXXXXXXXXXXXXXX"},"twitter_api":{"token":"XXXXXXXXXXXXXXXXXXXXX","secret":"XXXXXXXXXXXXXXXXXXXXX","consumer":{"key":"XXXXXXXXXXXXXXXXXXXXX","secret":"XXXXXXXXXXXXXXXXXXXXX","options":{"signature_method":"HMAC-SHA1","request_token_path":"/oauth/request_token","authorize_path":"/oauth/authorize","access_token_path":"/oauth/access_token","proxy":null,"scheme":"header","http_method":"post","debug_output":null,"oauth_version":"1.0","site":"https://api.twitter.com/"}},"params":{"oauth_token":"XXXXXXXXXXXXXXXXXXXXX","oauth_token_secret":"XXXXXXXXXXXXXXXXXXXXX"}}}

#10

@andypiper I appreciate you guys responding to us. We’d really appreciate a few mins today in a real-time chat (here or wherever) to communicate the webhook issues and quickly fix it. We think we can in 10 mins with your help.

Are you available for a quick chat today?


#11

Unfortunately we’re unable to provide support of that kind for our APIs and developer platform.

Let’s see if I can explain how our webhooks and Account Activity API work:

  • You register an app under one Twitter developer account, and are provided an App ID, Consumer Key, and Consumer Secret. Today, this is done on apps.twitter.com; in the future, this functionality will migrate to the new developer portal at developer.twitter.com/dashboard.
  • You request access to the Account Activity API, provide us your App ID, and describe your intended use case; we review your request and grant (or deny) access. At this point, your Consumer Key and Secret are allowed to register a webhook.
  • You create and host a server-side webapp that will implement the callback address for the webhooks. This is the webhook URL that you’re going to register with the API, using your Consumer Key and Secret. It also needs to implement the Challenge Response Check, which is based on your Consumer Key and Secret.
  • For each user account whose activities you want to subscribe to (up to 35 accounts in the current beta period), you implement the Sign-in With Twitter flow in your app. This then provides you a unique Access Token and Access Token Secret for each user. You use those values to register the webhook subscription with the API.
  • Once the subscription is set up successfully, your webapp will start to receive calls for each relevant activity provided by the API.

#12
  • @snowman @andypiper we appreciate your attention. But I can read what you just wrote on the dev website. I understand in-theory’ how its supposed to work. But the implementation is where we’re having issues. We’ve outlined the specific cases above and we’re looking for answers around the specifics…not a conceptual overview.
    I’m pretty persistent, and I’m sure you guys have to be tired of me with this same issue.
    Let’s help each other :grinning:
    I need a bit more insight as to why, when posting the webhook, and I receiving back 10 different tokens. This isn’t outlined in the docs. We’ve posted with NodeJS – no prob.
    But our application is in Ruby and you don’t have any examples in Ruby.

You can be helpful by:

A) helping us understand your response that includes so many tokens

B) Offering a way to approach posting the webhook in Ruby

or simply having someone with dev experience relatively close by today so we can relay a few messages back and forth as we’re attempting to Post the webhook.

Understand you have a big community. Which is especially why I’d love to get this past us and we can get out of your hair.

Thanks a lot in advance


#13

Our Snowbot sample is in Ruby. The response should show the subscriptions (and tokens for each user) that are registered against your webhook URL.

We apologise that these forums are our best method of scaling to help everyone at this time and hope that you are able to appropriately understand and modify existing samples.

Have a great weekend!


#14

I am getting the error while registering webhook:

[{“code”:261,“message”:"Application cannot perform write actions. Contact Twitter Platform Operations through https://support.twitter.com/forms/platform."}]


#15

@vinodsaini - Will you please try using Oauth 1.0 (consumer key, consumer secret, access token, access secret) to register your webhook?

You could also double check your app’s access token and access token secret’s access level to make sure that it is set to the following: Read, write, and direct messages
Do this by navigating to your whitelisted app’s ‘Keys and access tokens’ page, scroll down to the ‘Your Access Token’ section, and check the ‘Access Level.’


#16

Below are the permission

Access Level Read, write, and direct messages

Does it matter what url I set in Callback URL. I putted different url from my webhook url.

@LeBraat can you please check if there is any issue in my app.
Consumer key:


#17

I tried with below code in node js as well


But still getting error of Forbidden


#18

Hey @vinodsaini,

Please do not publicly share your consumer key. I have removed it from your previous post.

The callback URL does not matter in this situation. What are you using for your webhook URL though?

You might want to try resetting your access token and access token secret. Then make sure you have all of these credentials plugged into the client and give it another try.

If this doesn’t work for you, you might want to try using a tool like Insomnia or Postman.


#19

Hi @LeBraat Thanks for the reply

When I am trying to reset token values an error showing

Error
Sorry, that page does not exist

Is my app have write permission and approved for Account Activity API or is there anything left from my side which still needed to done.


#20

@LeBraat

Can you let me know is there any issue with my app and account activity permission.

Also please check the code below which I am using to register webhook: code is in node js

I also tried with removing authorization in headers but error is still same.