#1

I use the following CRC check when registering a webhook:

  server.get(
    "get-challenge-response",
    "/webhooks/twitter",
    async (ctx, next) => {
      const response_token = crypto
        .createHmac("sha256", process.env.TWITTER_CONSUMER_SECRET)
        .update(ctx.query.crc_token)
        .digest("base64");
      ctx.response.body = { response_token: "sha256=" + response_token };
      // ctx.response.status = 200;
      console.log(ctx.response.body);
    }
  );

When I use the account activity dashboard and an ngrok tunnel for localhost, I can successfully register. Using the exact same config with a live Heroku deployment results in “Webhook URL does not meet the requirements. Invalid CRC token or json response format.”, however when I check Heroku logs the behavior looks to be the exact same:

2019-07-29T19:47:16.249114+00:00 heroku[router]: at=info method=GET path="/webhooks/twitter?crc_token=ZmE3MDg3MjYtZjA0[redacted]tN2FhZmExNmM0NmVk&nonce=MTU2NDQ[redacted]gwMQ" host=www.[].io request_id=bcd99787-552e-4046-82c3-688b419a78cc fwd="[redacted]" dyno=web.1 connect=1ms service=6ms status=200 bytes=237 protocol=https
2019-07-29T19:47:16.245502+00:00 app[web.1]: { response_token: 'sha256=o3q1KraLyAG+eGjvxkaOC3nVtb+1jaidHHssuP8QbZs=' }

Also after successfully registering in dev I use the following to listen for a follow event but I do not see any output:

  server.post("log-event", "/webhooks/twitter", async (ctx, next) => {
    console.log("EVENT PAYLOAD", ctx.request.body);
  });

I’m aware of Autohook however similarly it is only working for me with ngrok, I have raised a github issue for it.

#3

@jasonsince I suspect this is happening because your development URL is HTTPS, while your development URL may be HTTP. The Account Activity FAQs explain why you can get an error 214.

Can you try and ensure your Heroku environment registers callbacks as HTTPS?

#4

I’m not certain what you’re referring to with regards to callbacks, however I am sure that my environment is being served over https both at a root domain and subdomain level.

I have also set via my nameserver (Cloudflare) to redirect all requests with scheme “http” to “https”, so I assume the callbacks you refer to would have to follow this as well?

In addition, the URL that I specify in the POST request to register the webhook is a https url as well.

Is there anything else I can look into? The other possible 214 error codes from the FAQ don’t seem to apply

#5

Can you share the full URL you’re using to register a webhook via the /account_activity/all/:env/webhooks.json endpoint? It should look similar to this:

https://api.twitter.com/1.1/account_activity/all/env/webhooks.json?url=https%3A%2F%2Fexample.com%2Fwebhooks%2Ftwitter

Also to clarify on my previous post, the callback URL must be explicitly set to an https protocol, as the Account Activity API will not follow redirects. So, the webhook registration will fail with an error code 214 if you try to register http://example.com/webhooks/twitter, even if it is configured to redirect to https://example.com/webhooks/twitter.

#6

Understood. So that shouldn’t be an issue as I am trying to register the callback directly as https. The url is:

https://api.twitter.com/1.1/account_activity/all/development/webhooks.json?url=https%3A%2F%2Fwww..io%2Fwebhooks%2Ftwitter

But I am not sending the POST request manually, I am using GitHub - twitterdev/account-activity-dashboard: Sample web app and helper scripts to get started with the premium Account Activity API, though I don’t think the issue is with the library

#7

Problem solved. There was a trailing whitespace character in my Heroku environment variables config for consumer secret which was probably causing an invalid CRC response token to be calculated.

2 Likes
#8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.