Please help me with EventSub webhooks

I tried being independent, doing my own researches on google and stuff, but I’ve been at it for 6 hours straight and I didn’t manage to achieve anything, so I’m here because I pretty much accepted I would never find on my own.

My issue is that after setting up a webserver with Express(with ssl certifications I got from, I do not seem to receive any event notification.

Here is my node application code :

var fs = require('fs'),
    http = require('http'),
    https = require('https'),
	express = require("express");
const crypto = require("crypto");

var options = {
    key: fs.readFileSync('/etc/nginx/ssl/private.key'),
    cert: fs.readFileSync('/etc/nginx/ssl/'),

const app = express();
const port = 443;

var server = https.createServer(options, app).listen(port, function(){
	console.log("Express server listening on port " + port);

const twitchSigningSecret = process.env.TWITCH_SIGNING_SECRET;

app.get("/", (req, res) => {
	res.send("Hello World!");

const verifyTwitchSignature = (req, res, buf, encoding) => {
  const messageId = req.header("Twitch-Eventsub-Message-Id");
  const timestamp = req.header("Twitch-Eventsub-Message-Timestamp");
  const messageSignature = req.header("Twitch-Eventsub-Message-Signature");
  const time = Math.floor(new Date().getTime() / 1000);
  console.log(`Message ${messageId} Signature: `, messageSignature);

  if (Math.abs(time - timestamp) > 600) {
    // needs to be < 10 minutes
      `Verification Failed: timestamp > 10 minutes. Message Id: ${messageId}.`
    throw new Error("Ignore this request.");

  if (!twitchSigningSecret) {
    console.log(`Twitch signing secret is empty.`);
    throw new Error("Twitch signing secret is empty.");

  const computedSignature =
    "sha256=" +
      .createHmac("sha256", twitchSigningSecret)
      .update(messageId + timestamp + buf)
  console.log(`Message ${messageId} Computed Signature: `, computedSignature);

  if (messageSignature !== computedSignature) {
    throw new Error("Invalid signature.");
  } else {
    console.log("Verification successful");

app.use(express.json({ verify: verifyTwitchSignature }));"/webhooks/callback", async (req, res) => {
  const messageType = req.header("Twitch-Eventsub-Message-Type");
  if (messageType === "webhook_callback_verification") {
    console.log("Verifying Webhook");
    return res.status(200).send(req.body.challenge);

  const { type } = req.body.subscription;
  const { event } = req.body;

    `Receiving ${type} request for ${event.broadcaster_user_name}: `,


So when I go to : https://45.132.XXX.XXX/ on Google Chrome I do see the “Hello World” page indicating that it’s up. Chrome says the ssl certificat is valid.

Then, I use this command to subscribe to an event : curl -X POST '' --header 'Authorization: Bearer OAUTH HIDDEN ON PURPOSE' --header 'Client-ID: ID HIDDEN ON PURPOSE' --header 'Content-Type: application/json' --data '{"type":"channel.follow","version":"1","condition":{"broadcaster_user_id":"27115917"},"transport":{"method":"webhook","callback":"https://45.132.XXX.XXX/webhooks/callback","secret":"SECRET HIDDEN ON PURPOSEj"}}''

I get a 202 (Accepted) response :

    "data": [{
        "id": "a6fbc0f0-ecbe-4a6d-ae46-da6bbd62240a",
        "status": "webhook_callback_verification_pending",
        "type": "channel.follow",
        "version": "1",
        "condition": {
            "broadcaster_user_id": "27115917"
        "created_at": "2022-08-07T00:53:43.65548975Z",
        "transport": {
            "method": "webhook",
            "callback": "https://45.132.XXX.XXX/webhooks/callback"
        "cost": 1
    "total": 60,
    "max_total_cost": 10000,
    "total_cost": 1

So the subscription seems to have been set up. But nothing seems to arrive on my webserver as nothing is being printed in the log files of my node webserver.

And I’ve tried so many things, going though cloudflare, setting a flask application instead, using twitchio’s library with nginx reverse proxy, I’ve tried them all and nothing worked

My best guess is that the event notification is not reaching my webserver application for some reasons.

I would really really really appreciate if someone experimented can help me through this

Thank you

You can’t issue a valid SSL certificate for an IP address. It may be valid locally. But the outside world won’t accept it unless your a google or Amazon or something. You need a valid domain name and ssl certificates issued to that domain name for EventSub to work.

check it : https://45.132.XXX.XXX/

It’s a valid certificate

When I registered the SSL certificate, I did it for an IP address, not a domain. I don’t see why it wouldn’t have been possible.

If I do a POST request to https://45.132.XXX.XXX/webhooks/callback from a remote computer I do see it appear on my nodejs app logs. But I see nothing coming from Twitch, neither failed or successful requests

You were right ! And also thanks to @Syzuna and @Dkamps18 on the discord, I ended up trying with a domain and it worked. I guess IP addresses are a big no.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.