Description
For Compliance reasons, I’m trying to catch events that would indicate an external user has been added to a chat channel. We want to monitor this for all users in the account, which is why it’s an account-level app. I’ve successfully authorized an internal (non-published) account-level OAuth app and enabled all the events under the “Chat Channel” category. Unfortunately, I’m unable to trigger the webhook when adding or removing individuals from the channel.
I should also note, this is not an in-meeting chat, it’s the top-level chat feature I’m trying to tap into. Also, I’ve verified using Postman that the Azure-hosted webhook is functional and returns a 200 success code.
Endpoints
Happy to share via private channel, but I’d rather not post here.
Error
The configured webhook never fires.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth
How To Reproduce (If applicable)
Steps to reproduce the behavior:
When creating channels, adding members, removing members, no webhook is triggered.
Thanks for reaching out about this, and happy to help.
Can you confirm this is the webhook that you’re attempting to subscribe to?
Additionally, can you confirm the users you’re testing with are joining a public channel and aren’t just being invited to one? This will only be triggered for the former use case, not the latter.
I’ve also verified that I am using a public chat channel to test this out. Nevertheless, the webhook refuses to fire for any of the chat channel events.
Thanks for confirming. Have you ensured that you’ve installed the OAuth App that is subscribed to the events under the account that you’re testing under?
You can confirm this by going to the Marketplace portal and navigating to this page.
Second, can you ensure that the endpoint you’ve specified to receive events at is publicly accessible and returns a 200OK response? (If it doesn’t the webhook events could fail silently).
Thank you for confirming. I took a look at our logs and I can see that the requests to your endpoint are returning with an Unauthorized response. I think this is happening because you handle authorization using the sig query parameter in your endpoint URL.
However, as a POST request will be made to your endpoint, these query parameters likely aren’t passed with the request which causes the Unauthorized response.
If you want to add security to your endpoint, I recommend using the verification token sent in the authorization header of the event to validate the event itself.
Is there any way to configure the webhook endpoint to include the parameters? Unfortunately, Azure Logic Apps require the SAS key parameters for their webhook endpoints.
Unfortunately, we don’t have a method to use query parameters with our Endpoint URLs. You may want to reach out to Azure to see if they can advise on any other method to receive these events.
