whatsapp-trigger - >Error: error validating signature
Hello,
I'm encountering issues while attempting to connect my WhatsApp Business account through the WhatsApp Bot node; it is not functioning correctly. Specifically, my primary workspace is displaying the following error: whatsapp-trigger -> error: Error: error validating signature.
Here are the steps I followed according to the documentation:
First, I created a Token Verification Workspace, setting the token in the 'Token Verification Node' to match the Temporary Access Token provided by Meta. Then, I deployed it. I configured this endpoint in the Callback URL on Meta. Currently, only this workspace is running with a status of 200 and displaying 'Webhook verification successful.
2nd. In a separate workspace, I configured the WhatsApp Bot trigger using the App ID and App Secret. I used the same PATH as in my first workspace; however, it fails to operate correctly, returning an "error validating signature."
Additionally, I am encountering an issue where sending a single message to my chatbot on WhatsApp results in multiple log entries. For instance, when I sent the message "Hello guys" on WhatsApp, the LOG section showed 3 or 4 entries for each message
Apparently, the same message is sending multiple requests to the webhook, causing the records to duplicate.
Also, the records are showing messages that I sent a day ago, so it's not only sending the same message multiple times but also sending previous ones (which is useless).
In Meta, I only have "Messages" configured in the webhook fields.
I hpe your answers, pls
Solution:Jump to solution
In your workflow, I checked the phonenumber ID in the auto responder was not referenced correctly, I've updated it on your workflow and the node too. Yeah, currently it will log each event we are checking on a solution to match the message id and stop it when a message is not received, as meta does not provide anything to handle this, they do send the the request every second till 15 minutes to check the secure connection. - https://developers.facebook.com/docs/whatsapp/cloud-api/guides/set-up-...
Meta for Developers
Webhooks - Cloud API - Documentation - Meta for Developers
Subscribe Webhooks to get notifications about messages your business receives and customer profile updates.
20 Replies
Hi @Angel Mayr, could you please confirm if your verification endpoint is verified on the Meta dashboard?
Hi @Gaurav Chadha, Yes, I successfully set up the endpoint on the Meta dashboard. In fact, my token verification workflow returned a status of 200. Would you like me to send you my workflow?
Yes, you can share it via in-app support, we'll take a look. https://docs.buildship.com/support-messages
Support Messages – BuildShip
A unified resource to start building your backend with low-code. Dive into triggers, nodes, and step-by-step guidance to jumpstart your workflow creation.
"Done! I have shared it with you. I also shared the other workflow yesterday, and I hope you can review it and provide me with your feedback, please. Thanks!"
Hi @Angel Mayr, Thanks for sharing the workflow copy, I see, you are not using the Trigger with the auto responder node in your workflow, the auto responder node sends the payload to the trigger request each time simultaneously to verify the signature in the request. Could you please try with including the responder node? I would recommend to test with the pre-built template first and then remix.
Hi,
I’ve encountered the issue with setting up the WhatsApp Bot Trigger. The documentation suggests using "App ID" and "App Secret" as keys. However, this setup was unsuccessful in my workflow. Using the phone ID instead resolved the initial problem.
Despite this fix, there is a persisting issue with message reception. For instance, I sent 10 test messages yesterday, and the Trigger is still active today; the messages sent earlier continue to appear in Buildship. Moreover, when I send a new message, the chatbot in WhatsApp responds with the previous messages.
Additionally, the WhatsApp Bot Trigger logs each event, noting when users receive and read messages. However, the Meta Dev dashboard only displays "messages" configured in the webhook fields.
Please help me address these issues.
Thank you.
Could you also review the screenshots of my Meta dashboard and my conversation chat?
Solution
In your workflow, I checked the phonenumber ID in the auto responder was not referenced correctly, I've updated it on your workflow and the node too. Yeah, currently it will log each event we are checking on a solution to match the message id and stop it when a message is not received, as meta does not provide anything to handle this, they do send the the request every second till 15 minutes to check the secure connection. - https://developers.facebook.com/docs/whatsapp/cloud-api/guides/set-up-webhooks#webhook-delivery-failure.
Meta for Developers
Webhooks - Cloud API - Documentation - Meta for Developers
Subscribe Webhooks to get notifications about messages your business receives and customer profile updates.
Hey guys I am encountering this same issue
Hi everyone! I'm getting this or the same error, but what's causing it are the words with accents. If I send the same message without accents it works. Can help?
AI Support Bot Information
<@495561314802991106> you can react on the relevant answer (message) with a ✅ in this thread when you think it has been solved, by the bot or by a human!
Anyone can react on this message with a ❌ if the GPT bot is unhelpful or hallucinating answers.
Please note: Team members will review and answer the questions on best efforts basis.
AI Response
I'm sorry, but I couldn't locate any specific information in the uploaded files regarding errors caused by words with accents. It might be beneficial to investigate input validation or encoding issues. If the problem persists, please send a support request directly through the BuildShip interface for further assistance.
BuildShip AI Support
Hi @Giovanni Cocco @ssmedusass , we'll test out with different accent and will let you know on the fix. cc @Wimukthi
Thanks @Gaurav Chadha I will wait!
Hi @Gaurav Chadha any news about this error?
Hi @Giovanni Cocco could you please try to delete and add the whatsapp trigger again? @Wimukthi will be sharing a fixed/updated copy of your workflow over email.
Ok my workflow is back! Just waiting the fix/updated from WhatsApp trigger!
@Gaurav Chadha Any update about this fix?
I think the problem is here right?
// validate signature
function validate_signature(data, hmac_header, accessSecret) {
const json_string = JSON.stringify(data);
const hmacReceived = hmac_header.replace('sha256=', '');
const digest = crypto.createHmac('sha256', accessSecret).update(json_string).digest('hex');
const resp = crypto.timingSafeEqual(Buffer.from(hmacReceived, 'hex'), Buffer.from(digest, 'hex'));
console.log(
validate_signature: ${resp})
return resp;
}
@Gaurav Chadha Solved!Hi @Giovanni Cocco good to know, could you please share the solution as well? cc @Wimukthi we can update it on the main logic
Thats Great. Feel free to share the solution as well!
Hi guys! cc @Gaurav Chadha @Wimukthi
I modified this two lines:
const json_string = rawData.normalize('NFC'); // NFC Standardization
const rawBody = await parser.text(nodeReq); // Read raw body as string
The entire code. Cc @Gaurav Chadha @Wimukthi
import parser from "co-body";
import typeis from "type-is";
import crypto from 'crypto';
const mimeTypes = {
json: [
"application/json",
"application/json-patch+json",
"application/vnd.api+json",
"application/csp-report",
"application/reports+json",
"application/scim+json",
],
form: ["application/x-www-form-urlencoded"],
text: ["text/plain"],
xml: ["text/xml", "application/xml"],
};
function isTypes(contentTypeValue, types) {
if (typeof contentTypeValue === "string") {
contentTypeValue = contentTypeValue.replace(/;$/, "");
}
return typeis.is(contentTypeValue, types);
}
function validate_signature(rawData, hmac_header, accessSecret) {
const hmacReceived = hmac_header.replace('sha256=', '');
const json_string = rawData.normalize('NFC'); // NFC Standardization
const digest = crypto.createHmac('sha256', accessSecret).update(json_string).digest('hex');
const resp = crypto.timingSafeEqual(
Buffer.from(hmacReceived, 'hex'),
Buffer.from(digest, 'hex')
);
console.log(
validate_signature: ${resp});
return resp;
}
async function onExecution({ app_id, accessSecret }, { nodeReq, request, res, logging }) {
try {
logging.log(
onExecution);
const rawBody = await parser.text(nodeReq); // Read raw body as string
const sig = request.headers['x-hub-signature-256'];
logging.log("sig", sig);
const valid = validate_signature(rawBody, sig, accessSecret);
logging.log("valid", valid);
if (!valid) {
throw new Error("error validating signature");
}
return {
request: {
headers: request.headers,
body: JSON.parse(rawBody),
},
output: {}
};
} catch (error) {
logging.log(error);
throw new Error(
error: ${error});
}
}
export default {
onCreate: async () => ({ success: true }),
onUpdate: async () => ({ success: true }),
onExecution
};
Thanks @Giovanni Cocco