FG
๐Ÿ”Œ APIs & SDKsTwilio

Express webhook not authenticating

Fresh5 months ago
Mar 14, 20260 views
Confidence Score77%
77%

Problem

Issue Summary The validation methods in webhooks won't validate messages initiated by a user on Whatsapp. Steps to Reproduce Pretty much an interactive replica of How to secure Twilio webhook URLs in Node.js 1. Go to the sample project on https://replit.com/@OlegAzava/ExpressWithTwilioWebhook#index.js and wake up the Replit 2. Replace the TWILIO_AUTH_TOKEN with a working one <img width="672" alt="image" src="https://user-images.githubusercontent.com/3731173/223853291-1c332d87-71db-4ca4-adbc-188b07e3e12c.png"> 3. Configure a Whatsapp sender in Twilio to send messages to https://ExpressWithTwilioWebhook.olegazava.repl.co/api/message 4. Send a message from within Whatsapp to the target phone number Code Snippet [code block] Exception/Log Signatures comparison fails Technical details: twilio-node version: 4.8.0 node version: v18.12.1

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
High Confidence Fix
74% confidence100% success rate3 verificationsLast verified Mar 14, 2026

Solution: Express webhook not authenticating

Low Risk

Hi, IDK if the problem we're facing is exactly the same as the one mentioned in this issue, but as it seems very similar, I'll try my luck here. If not, let me know and I will make a separate issue. After upgrading the lib from `3.54.0` to `4.9.0` we ran into the problem that all webhooks failed. We use the `validateRequest` method to verify that the request is coming from Twilio. Where previou

74

Trust Score

3 verifications

100% success
  1. 1

    Hi, IDK if the problem we're facing is exactly the same as the one mentioned in

    If not, let me know and I will make a separate issue.

  2. 2

    After upgrading the lib from `3.54.0` to `4.9.0` we ran into the problem that al

    After upgrading the lib from `3.54.0` to `4.9.0` we ran into the problem that all webhooks failed.

  3. 3

    We use the `validateRequest` method to verify that the request is coming from Tw

    We use the `validateRequest` method to verify that the request is coming from Twilio.

  4. 4

    Where previously (in `3.54.0`) `validateRequest(authToken, twilioSignature, url,

    Where previously (in `3.54.0`) `validateRequest(authToken, twilioSignature, url, req.body)` worked, in `4.9.0` it no longer does, the method returns `false`.

Validation

Resolved in twilio/twilio-node GitHub issue #924. Community reactions: 4 upvotes.

Verification Summary

Worked: 3
Partial: 1
Last verified Mar 14, 2026

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

twiliosmsapitype:-bugstatus:-help-wantedstale