Unable to register webhook URL, getting 214 error message



I’m trying to register webhook URL by referring this link https://dev.twitter.com/webhooks/reference/post/account_activity/webhooks ,
sending POST request by passing encoded URL as param
(my webhook URL - https://social.zoholabs.com/TwRealTimeData) .
But getting {“errors”:[{“code”:214,“message”:“Webhook URL does not meet the requirements. Please consult: https://dev.twitter.com/webhooks/securing”}]} error message.
As this docs says https://dev.twitter.com/webhooks/securing, I’m not getting any GET request with crc_token as param in my webhook URL.
Can anyone please help me to solve this?


There are various suggestions for causes of that error message in this thread. Hopefully that will give you some pointers!


Thank you.Now I’m getting crc_token.My webhook is responding in less than 1 sec and constructed response json from crc_token and app consumer secret like this

PrintWriter pw = response.getWriter();
Mac mac = Mac.getInstance("HmacSHA256");
SecretKeySpec secret = new SecretKeySpec(consumerSecret.getBytes(), "HmacSHA256");//No I18N
byte[] digest = mac.doFinal(crc_token.getBytes());
BASE64Encoder enc = new BASE64Encoder();
String hash = enc.encode(digest);
JSONObject responseToken = new JSONObject();
responseToken.put("response_token", "sha256=" + hash);

returning json format


still getting same error

{"errors":[{"code":214,"message":"Webhook URL does not meet the requirements. Please consult: https://dev.twitter.com/webhooks/securing"}]} 


Here’s a Java code snippet that, given identical input parameters, successfully generates a CRC response that matches one from our node webhook boilerplate sample:

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public class CRC_Example {
  public static void main(String[] args) {
    try {
     String consumer_secret = "CqJggD55PohusaBNv";
     String crc_token = "my-crc-token";

     Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
     SecretKeySpec secret_key = new SecretKeySpec(consumer_secret.getBytes("UTF-8"), "HmacSHA256");

     String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(crc_token.getBytes("UTF-8")));

     System.out.println("sha256=" + hash);
    catch (Exception e){

Based on this, I’d suggest forcing getBytes() to use UTF-8.


getting same error even after using UTF-8 for getBytes().

Mac mac = Mac.getInstance("HmacSHA256");
SecretKeySpec secret = new SecretKeySpec(consumer_secret.getBytes("UTF-8"), "HmacSHA256");
String hash = Base64.encodeBase64String(mac.doFinal(crc_token.getBytes("UTF-8")));
JSONObject responseToken = new JSONObject();
responseToken.put("response_token", "sha256=" + hash);
PrintWriter pw = response.getWriter();


This is on the registration process - so also ensure that you fulfil the other requirements:

  • Valid response_token and JSON format (we believe this is true based on what you’re doing)
  • Latency less than 1 second.
  • 200 HTTP response code.

Do you see an inbound request from the webhook to check the CRC after posting the request to register your URL?

(for what it is worth, I am seeing 2.048 seconds on your URL)


I just returned to my code that was previously working after several weeks and I’m suddenly getting code: 214, message: 'Bad request.'.

Can anyone help me figure out what happened? The issue seems to be around this line.