Webhook Handshake & X-Hook-Secret Trouble

My webhook target server is a Node/Express instance listening on 8080 and running behind an nginx reverse proxy that is available to the public Internet on ports 80 and 443. My SSL/TLS certs are by Let’s Encrypt / Certbot and provisioned yesterday, and nginx handles the SSL/TLS.

When I POST to https://app.asana.com/api/1.0/webhooks to create a webhook, the response I get from asana is status 400 with the message “Could not complete activation handshake with target URL. Please ensure that the receiving server is accepting connections and supports SSL.”

Even though I am instantly sending res.status(200).send(res.header('X-Hook-Secret', req.headers['x-hook-secret'])); I see no indication in nginx nor node is even getting an attempted POST from asana.

Could this be an issue with my nginx configuration, or certificate?

Hello @Matt_Horton!

Heres a few suggestions to find out where the issue is.

  1. Use curl in your terminal to hit your handshake endpoint to see if it is working as expected.
    Or you can use an app that one of our engineers built to help debug this: https://asana-webhook-tool.herokuapp.com/
curl -v -X POST -H "X-Hook-Secret: 1234567890abcdef" -H "Content-Type: application/json" --data "[]" {URL_OF_YOUR_SERVER}

If this fails, it means something is wrong with your handshake endpoint.

  1. If your handshake server is working as expected I’d suggest using ngrok as the middleman to test.
npm install ngrok -g
ngrok http 8080

Pass the ngrok url it gives you as the target to asana. If it succeeds, then we can confirm it’s an issue with how nginx is setup.

  1. Lastly, you can see if it’s a single threaded server issue. To test this, you should POST to the https://app.asana.com/api/1.0/webhooks endpoint from curl or postman. This will keep your Node server open to connections, and it should accept the handshake.

Let me know if this helps!