[Fixed] Azure event Webhook validation failed


I am trying to verify a webhook with Azure Events. According to their docs a request with the following body:

    "id": "2d1781af-3a4c-4d7c-bd0c-e34b19da4e66",
    "topic": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "subject": "",
    "data": {
      "validationCode": "512d38b6-c7b8-40c8-89fe-f46f9e9622b6",
      "validationUrl": "https://rp-eastus2.eventgrid.azure.net:553/eventsubscriptions/estest/validate?id=512d38b6-c7b8-40c8-89fe-f46f9e9622b6&t=2018-04-26T20:30:54.4538837Z&apiVersion=2018-05-01-preview&token=1A1A1A1A"
    "eventType": "Microsoft.EventGrid.SubscriptionValidationEvent",
    "eventTime": "2018-01-25T22:12:19.4556811Z",
    "metadataVersion": "1",
    "dataVersion": "1"

Should return:

  "validationResponse": "512d38b6-c7b8-40c8-89fe-f46f9e9622b6"

I have verified with postman that my app does exactly this. Here is a snippet:

const validationEventType = 'Microsoft.EventGrid.SubscriptionValidationEvent';
for (var events in req.body) {
const body = req.body[events];
// Validate the event-hook when the eventhook is created
if (body.data && body.eventType === validationEventType) {
    const code = body.data.validationCode;
    const resBody = { validationResponse: code };
    return res.status(200).json(resBody);

Still when I try to verify it with Azure I get the following error message:

Webhook validation handshake failed for https://.ngrok.io/v*./api//media-job.
Http POST request retuned 2XX response with response body
When a validation request is accepted without validation code in the response body, Http GET is expected on the validation url included in the validation event(within 10 minutes). For troublehooting*

Any ideas what might be causing this issue?


I found a fix, however, I am not completely sure what the error was. I saw in my request that I had quite a few headers like set-cookie, X-... moving the router to not use cookie-parser, passport cors, helmet removed a lot of the cookies and also made the handshake work as expected.

Leave a Reply

(*) Required, Your email will not be published