Problem with new EventSub

I am sending the following call via postmaster.
Post to https://api.twitch.tv/helix/eventsub/subscriptions
Headers;
Client-ID: My Client ID
Authorization: Bearer < TwitchAccessToken for ID >
Content-Type: application/json

Body
{
“type”: “channel.update”,
“version”: “1”,
“condition”: {
“broadcaster_user_id”: “My Twitch ID”
},

"transport": {
    "method": "webhook",
    "callback": "Website that is listening for response",
    "secret": "SecretDuh"
}

}

I am getting a Unauthorized 401 Must provide valid app token. This is the same way I am sending my app token for numerous other requests, is something different for EventSubs?

Also when twitch sends the initial Get response of webhook_callback_verification_pending, am I supposed to verify the Header and send a 200 status (if it matches)? I don’t need to send back a challenge or anything like that (as needed for the existing webhooks). The second response (with the actual requested information) just needs a simple 200 status response correct?

Are you sure you’re using the client_credentials auth flow to create an App token? Using a User token will not work.

EventSub uses a POST request for verification, not GET. Also you do need to send back a challenge, as shown in steps 3. 4, and 5 of the EventSub guide https://dev.twitch.tv/docs/eventsub

I got app token and user token mixed up, that was my mistake. I went back and reread (for what feels like the umpteenth time) and see where all the responses will be post responses back to me.

It does appear that I need to send the challenge back after the initial subscription.

Return the value of challenge from the callback verification request to complete the verification process. Your response must be a raw string. If your server is using a web framework, be careful that your web framework isn’t modifying the response in an incompatible way. For example, some web frameworks default to converting responses into JSON objects.
pogchamp-kappa-360noscope-vohiyo

I think I have things mostly figured out now, just need to flesh it out a little more.

I would love to see Hosting added to the events.

Upon further testing I am not seeing the callback verification request.

My call back url is https://website:8057/twitch/eventsub/callback

I am watching for any post request on that port and am not seeing anything come in. I have verified the url by sending a generic post message to the callback URL and I do see that come in, just nothing from twitch. What am I missing, is specifying the port causing an issue (I hope this isn’t the case)?

Check the List Subscriptions endpoint GET https://api.twitch.tv/helix/eventsub/subscriptions and see what it shows as the status for your subscription.

It starts as
webhook_callback_verification_pending

and is now
webhook_callback_verification_failed

That indicates that either Twitch can’t reach your callback URL, or that it is not returning the challenge and a 2xx status.

Right which lines up with what I am seeing.

I am watching the traffic on my server and I never see Twitch sending the callback verification. I am trying to figure out what the issue is, and if it is related to the port number in the callback. I can’t return the challenge if I am never getting the challenge on my server.

Your SSL is on a non standard port.

It’s expected to SSL on the standard port. So try 443.

I understand it is a non standard port, that is how the whole webserver is setup. So I guess the answer to my question is that the EventSub can’t handle a non standard port (even though Webhooks could). If this is the case this is something that should be addressed.

Webhooks also had issue with non-standard ports using SSL. The difference here is that EventSub ONLY supports SSL, where as for webhooks it was optional for any topic that didn’t require a scope.

What you may want to consider is using a reverse proxy, such as Nginx, so you can run your app on whatever port you like but Nginx will run on 443 and forward the traffic internally to the port your app is listening on.

I guess I didn’t realize that EventSub was only ssl (I did see the https requirement, but guess I didn’t equate that only 443). Thanks for the Nginx suggestion I will take a look at it.