Channel events not triggering webhook for account-level OAuth app

For Compliance reasons, I’m trying to catch events that would indicate an external user has been added to a chat channel. We want to monitor this for all users in the account, which is why it’s an account-level app. I’ve successfully authorized an internal (non-published) account-level OAuth app and enabled all the events under the “Chat Channel” category. Unfortunately, I’m unable to trigger the webhook when adding or removing individuals from the channel.

I should also note, this is not an in-meeting chat, it’s the top-level chat feature I’m trying to tap into. Also, I’ve verified using Postman that the Azure-hosted webhook is functional and returns a 200 success code.

Happy to share via private channel, but I’d rather not post here.

The configured webhook never fires.

Which App Type (OAuth / Chatbot / JWT / Webhook)?

How To Reproduce (If applicable)
Steps to reproduce the behavior:
When creating channels, adding members, removing members, no webhook is triggered.

Hi @Jody,

Thanks for reaching out about this, and happy to help.

Can you confirm this is the webhook that you’re attempting to subscribe to?

Additionally, can you confirm the users you’re testing with are joining a public channel and aren’t just being invited to one? This will only be triggered for the former use case, not the latter.

Let me know—thanks!

I was actually trying to capture the Member Invited event, but I have enabled all Chat Channel events:

I’ve also verified that I am using a public chat channel to test this out. Nevertheless, the webhook refuses to fire for any of the chat channel events.

Hi @Jody,

Thanks for confirming. Have you ensured that you’ve installed the OAuth App that is subscribed to the events under the account that you’re testing under?

You can confirm this by going to the Marketplace portal and navigating to this page.

Second, can you ensure that the endpoint you’ve specified to receive events at is publicly accessible and returns a 200OK response? (If it doesn’t the webhook events could fail silently).

Let me know—thanks!

Thanks, Will. I’ve verified that the app is successfully installed:

And I’ve also re-verfied using Postman that the response code coming back is 200 OK.

Hey Jody,

Thank you for confirming. I took a look at our logs and I can see that the requests to your endpoint are returning with an Unauthorized response. I think this is happening because you handle authorization using the sig query parameter in your endpoint URL.

However, as a POST request will be made to your endpoint, these query parameters likely aren’t passed with the request which causes the Unauthorized response.

If you want to add security to your endpoint, I recommend using the verification token sent in the authorization header of the event to validate the event itself.

Let me know if you have any questions.


Thanks, Max.

Is there any way to configure the webhook endpoint to include the parameters? Unfortunately, Azure Logic Apps require the SAS key parameters for their webhook endpoints.

Hey Jody,

Unfortunately, we don’t have a method to use query parameters with our Endpoint URLs. You may want to reach out to Azure to see if they can advise on any other method to receive these events.