6

I have been following the Facebook bot setup guide and have set up a callback URL that is running on an EC2 instance.

I am getting an error (see title of this) when trying to validate the callback URL and verify token.

https://360.finance:1337/webhook is my webhook and the verify token is the same in my environment variable and in my Facebook settings.

I set up SSL using LetsEncrypt and from what I can tell, the SSL is not showing as self-signed so it looks to be working correctly (please note I'm new to all of this).

Checked at https://www.ssllabs.com/ssltest/analyze.html?d=360.finance&hideResults=on and all looks correct.

I have also included the Facebook page token as an environment variable and included it in my index.js file.

I have tested netcat / telnet into that port on my EC2 IP and it is succeeding.

Andy Johnson
  • For anyone with the same challenge: the fix was to set express.js up as https. The Facebook bot article doesn't mention this in the setup. – Andy Johnson Mar 06 '20 at 03:33
  • I have the same problem. Based on what was logged on my server, it didn't even call my URL. But when I test my URL, it works in the browser. – Bagusflyer Jun 01 '23 at 09:22

5 Answers

10

You must return an HTTP response with the hub.challenge token as plain text.

  • Why don't they mention that clearly?! – Tariq Sep 25 '22 at 09:25
  • The call from verify webhook doesn't even reach my website. My webhook URL works fine in the browser. The only thing I suspect is that I'm using a self-signed certificate. Is this the cause? – Bagusflyer Jun 01 '23 at 09:33
6

We need to update the following on the Facebook app settings page before adding the Callback URL or Verify Token.

  1. Privacy Policy URL
  2. Category
  3. App Icon (1024*1024)

It's weird that Facebook doesn't point out the exact error.

sKhan
1

Check your callback server: is it running or not?

The callback and token come from your server.

Aziz ullah
1

For Python users: you need to use a dot, not an underscore. I don't get it: when I use the underscore version, the Facebook API can't access the challenge, but when I replicate the same GET request with Postman I can access the challenge.

# Wrong way
challenge = request.GET['hub_challenge']

# Right way
challenge = request.GET['hub.challenge']
return HttpResponse(challenge)

mustafa candan
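
The verification handshake the answers above describe (read the dotted `hub.challenge` parameter, echo it back as plain text), as an added Node.js example that is not part of the original posts. The function names are hypothetical; `hub.mode` and `hub.verify_token` are the companion query parameters Meta sends with `hub.challenge`, and the `/webhook` path is taken from the question.

```javascript
// Added example, not code from the posts above. Function names are hypothetical.
const { createHash, timingSafeEqual } = require("node:crypto");
const http = require("node:http");

// Compare secrets in constant time; hashing first gives equal-length buffers.
function safeEqual(a, b) {
  const digest = (s) => createHash("sha256").update(String(s)).digest();
  return timingSafeEqual(digest(a), digest(b));
}

// Build the reply to the verification GET as { status, headers, body }.
// requestUrl: path plus query string; expectedToken: the configured verify token.
function verifyWebhook(requestUrl, expectedToken) {
  const headers = { "Content-Type": "text/plain" };
  // Base URL is a placeholder so a relative path can be parsed.
  const params = new URL(requestUrl, "https://placeholder.invalid").searchParams;
  const mode = params.get("hub.mode");
  const token = params.get("hub.verify_token");
  const challenge = params.get("hub.challenge"); // dotted name, not hub_challenge

  if (mode === null || token === null || challenge === null) {
    return { status: 400, headers, body: "Bad Request" };
  }
  // Fail closed when the token is unset on the server or does not match.
  if (!expectedToken || mode !== "subscribe" || !safeEqual(token, expectedToken)) {
    return { status: 403, headers, body: "Forbidden" };
  }
  // The body is the challenge verbatim: no JSON or HTML wrapper.
  return { status: 200, headers, body: challenge };
}

// Wiring for Node's built-in server. TLS is assumed to be terminated in front
// of it (for example by a reverse proxy) or by using https.createServer instead.
function createWebhookServer(expectedToken) {
  return http.createServer((req, res) => {
    const { pathname } = new URL(req.url, "https://placeholder.invalid");
    const reply = req.method === "GET" && pathname === "/webhook"
      ? verifyWebhook(req.url, expectedToken)
      : { status: 404, headers: { "Content-Type": "text/plain" }, body: "Not Found" };
    res.writeHead(reply.status, reply.headers).end(reply.body);
  });
}
```

Logging the returned status for each verification attempt shows whether a failure is a request that never arrived, a token mismatch (403), or missing parameters (400).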
1

Do not use ngrok or localtunnel. I tried both, with no luck.

If you really want your local dev server to authenticate, you can port forward over ssh to your public-facing server.

ssh -R 4000:localhost:4000 root@your-server-ip

This way you can set up nginx to reverse proxy 443 to 4000 and handle SSL with certbot.

Sample config for nginx reverse proxy (before running certbot):

server {
    server_name my-own-domain;
    root /usr/share/nginx/html;
    index index.html index.htm;
    listen 80;

    location / {
        proxy_pass http://localhost:4000/;
    }
}

So you "only" need:

  • Your own domain
  • Your own server
  • nginx
  • certbot
  • SSH Server

And now you have your own private ngrok replacement.

yeya