Setting up discord app webhooks

07 Nov, 2024

I wanted to share my experience setting up discord developer webhooks because it was slightly maddening.

The discord app webhook

https://discord.com/developers/applications/.../webhooks You'll find the webhooks setup page here. There's a few elements:

1. The public endpoint
2. The events pane (which you can turn on, and check individual events you want to receive)

In order to save the URL, it must be a functional endpoint that returns a 204 status code.

But, in order to enable event handling and check one of the events that you want to receive, you must implement Ed25519 verification of the signature correctly! This is undocumented and difficult to tell unless you're watching the logs of your server as you click save.

From my testing, Discord will send you one signature that fails verification for which you must return a 401 error, and another signature that passes verification for which you must return a 204 no content status code.

Local development

To make iterations faster, I recommend using ngrok to set up a public URL quickly that you can iterate against discord with.

Just run

ngrok http http://localhost:8000

or similar and you should have a url you can use to test in discord.

The Ed25519 verification

I found this code very illuminating on how to implement this: https://discord.com/developers/docs/interactions/overview#setting-up-an-endpoint-validating-security-request-headers

The message is the timestamp from the headers concatenated with the raw body string.

Then, you must verify using the signature and public key from your https://discord.com/developers/applications/.../information page.

I found this tool very helpful to get a feel for whether I was on the right page or not: https://cyphr.me/ed25519_tool/ed.html

Good luck!