Hello,
I’m trying to figure out how to get Twitch to send my web server notices when someone redeems channel points. I’ve got to the point where the eventsub/subscriptions endpoint is returning JSON containing a status of webhook_callback_verification_pending, and I can see the subscription attempt if I poll all of my subscriptions, but after a few minutes the status changes to webhook_callback_verification_failed. In this time, I see no record of Twitch hitting my server. If I click the URL in the “callback” field of Twitch’s response JSON, my browser opens the callback page successfully, so they’ve got the right URL.
My callback URL is a PHP script that logs all requests to a file, and then if it recognizes an EventSub challenge request, it responds as outlined in the API documentation. The PHP script’s logging and Apache’s logging both show no evidence that anyone other than myself has accessed the script. The web site in general has traffic from other sources, but not specifically the callback script.
//My PHP code
$raw_request = file_get_contents('php://input');
$decoded_request = json_decode($raw_request);
if($decoded_request != null){
if(isset($decoded_request->challenge)){
//API doc text says to use this header, unsure why the length would go in content-type and not content length...
header('Content-Type: '.strlen($decoded_request->challenge));
//JS example in the API doc uses text/plain instead, which makes more sense.
//header('Content-Type: text/plain');
echo $decoded_request->challenge;
}
}
I’ve called my own script from PostMan using the sample challenge request provided in the API documentation, and confirmed it returns a 200 status code, Content-Type is either “32” or “text/plain” depending on which of the conflicting instructions I follow, and the body contains only the sample challenge. The server does use HTTPS and is fully open to the public on a registered DNS host name (https://cowness.net), encrypted with a Let’s Encrypt cert.
Anyone have any ideas? I saw another thread where the first response was asking about the SSL cert used; could Twitch not like Let’s Encrypt?
Thanks.