Validation Token is not set on webhook event anymore

I have a subscription set up for a webhook to call a url on the Instant Message event (/restapi/v1.0/account/~/extension/~/message-store/instant?type=SMS).
When I first create the subscription, the webhook URL is called, and I can confirm at this time that a Validation Token is present, and I am able to establish the subscription.
If I check the Subscription list at this point, I see that my subscription/webhook is active.

When I send a text message to my number, the url is being called by the webhook (as expected), but there is no Validation Token present, so obviously I can't validate to continue the process and receive the POST data.

I have had a subscription / webhook active for this event for the last 1.5 years and it has worked without issue, until 7 days ago when it just stopped working. After investigating I was able to figure out the above (no Validation Token is present anymore).

I've tried removing and creating a new subscription, confirmed the permissions in the app in the developer portal, and I've also tried creating a new app in the developer portal.

If anyone might be able to shed some light on this issue that would be very appreciated. I've contacted Ring Central support, but haven't received any response.

12 replies

Hello Jordan, I want to add that since yesterday I'm unable to receive webhooks account presence events, others webhooks subscription works fine. All this is sandbox environment, production webhooks account presence events are working properly.

I just run a quick test and I can confirm that Webhook notification subscription on sandbox works as expected. This means that the validation token is sent and required.

But @OK TAXI 101 is right. The presence event notification is not working right now on sandbox. I will report this to the team to investigate and fix it.

Thank you @Phong Vu, I hope the team can fix it soon, so we can continue testing.

Hello @Phong Vu, news about this?. Still today not receiving presence events using sandbox environment.

Still no resolution on this, and STILL no response from Ring Central.
It was important we got this functional, so here is the solution I implemented for the time being (hopefully it's useful to someone else who encounters the same problem).

Because the callback is still being called by RingCentral on receiving an incoming message, we had to add to our script a pull of the new message /account/~/extension/~/message-store?direction=Inbound&readStatus=Unread&perPage=1 to then access the most recent message and pull the JSON data that way.

It was a lot simpler when we were receiving this information with the callback (after validating with the validation code that we are no longer receiving), but this works in the meantime.

I confirm that it is an issue in production environment. RingCentral engineers have been noticed and they are working on it.

Next time, if it is urgent, please create a ticket here:

Update: by design, the spec never says that RingCentral provide a validation-token header for every message. We only provide the header for the very first message that when you try to setup the WebHook. If it is not present, you just ignore it.

Please clarify if you still have concerns regarding this.

I can confirm that today we are receiving the presence events (webhooks) of the account on sandbox environment.

Actually I am not sure that it is recent change. Are you sure that for every notification message, your could receive a validation-token before? Maybe by design it is optional, if it's not present, you simply ignore it.

This report is not outdated, and the issue still stands. I suggest you better understand the issue I'm having before reporting this as outdated.

I agree that there is still issue. But this issue may not be related to validation-token. So it's kindly misleading. The real issue is you are receiving empty notifications.

This is occurring in our Prod environment too. I can see that when we register the webhook (subscription) for the first time I can see "Validation-Token" in the header.
But, once set up is completed, the RingCentral invokes our prod endpoint without validation-token header.

This used to be working just fine few weeks back.

So, should we remove the logic that API's documentation recommends to send the validation-token in a request back in the response? Or what is the fix/workaround.


Validation token is sent only once when you create a new subscription. Check out our code sample in the dev guide to implement your webhook notification.