"Forbidden" response from creating new webhook endpoint

webhooks

#1

My app has been approved for Account Activity API, but when i’m POSTing to the https://api.twitter.com/1.1/account_activity/all/env-beta/webhooks.json endpoint to create a new webhook, I’m receiving 200 - Forbidden response.
the ‘url’ parameter i’m passing along is using HTTPS and returns the correct CRC response.
Needless to say that the oauth headers are also good, i’m passing all the relevant headers for the user access, using the same user that created the app and have been approved, and the signature is generated correctly.

The app id is: 15148116

Please assist,
Thank you.


#2

Sounds like you are following all of the proper steps.

Can you please provide the command that you are using to register the webhook URL (please block out your tokens) and the exact response that you are receiving?


#4

sure. I’ve tried sending the ‘url’ parameter in the body and also in the query-string but both approaches produced the same result.

REQUEST 1:

POST https://api.twitter.com/1.1/account_activity/all/env-beta/webhooks.json HTTP/1.1
Authorization: OAuth XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Content-Type: application/x-www-form-urlencoded
Host: api.twitter.com
Content-Length: 71
Expect: 100-continue
Connection: Keep-Alive

url=https%3A%2F%2Ftest.example.com%2Ftwitter

RESPONSE 1:

HTTP/1.1 403 Forbidden
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: attachment; filename=json.json
content-length: 48
content-type: application/json; charset=utf-8
date: Tue, 15 May 2018 14:12:09 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Tue, 15 May 2018 14:12:09 GMT
pragma: no-cache
server: tsa_f
set-cookie: personalization_id=“v1_CnUDkrPTUhkPrNgm/dpLpg==”; Expires=Thu, 14 May 2020 14:12:09 GMT; Path=/; Domain=.twitter.com
set-cookie: guest_id=v1%3A152639352943974911; Expires=Thu, 14 May 2020 14:12:09 GMT; Path=/; Domain=.twitter.com
strict-transport-security: max-age=631138519
x-connection-hash: 238eba05a528a2406f5ed2a11c5e640b
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 173
x-tsa-request-body-time: 0
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report

{“errors”:[{“code”:200,“message”:“Forbidden.”}]}


#5

We’re also having the same error - and created a thread, which is until now, unanswered: Switching from streams to Webhooks questions

Our app id is 1391063.


#6

This morning I saw a new addition to my account environment dashboard (https://developer.twitter.com/en/account/environments)
It now has a new subscription for Account Activity API, once I set my environment up I could create the webhook successfully using the environment name (instead of env-beta).

Looks like twitter finally released the API to the public.


#7