Skip to main content

I'm trying to 'verify' a webhook URL and it doesn't seem to work.

  • I'm using ngrok
  • I verified with hurl.it that my response contains the sent validation-token


The response I get back when clicking on the 'verify' button in the dev console is about the validation token:


  1. message:"BOT_WEBHOOK_VERIFY_ERROR_VALIDATION_TOKEN_ERROR"
  2. status:"FORBIDDEN"


Any idea on how to fix it?

Where do you get the validate token? It should be identical to the validation token in request header.

And please don't use verification token as validation token.
Hi Tyler, yes, it's the same as the one in the header. 

The code I used is pretty simple, it's a simple endpoint that just reads and add the verification token to the request header.

I printed the request + headers to be certain. Here's an example:

POST HTTP/1.1
Content-Length: 0
Validation-Token: AZ9VQGL4VUNZ
User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_121)
X-Forwarded-Proto: https
Host: xxxxxx.ngrok.io
X-Forwarded-For: 999.999.999.999
Accept-Encoding: gzip,deflate
Verification-Token: 1balEEpx08pgopU6wLkGskflb0JInjm0


The tokens seem to be the same in the request and in the response's header.

Reply