WhatsApp Cloud API Webhook验证失败求助:本地curl测试正常但Meta平台验证失败
2026-4-1
WhatsApp Cloud API Webhook验证失败求助:本地curl测试正常但Meta平台验证失败
各位大佬,我折腾了一整天的WhatsApp Cloud API Webhook验证,快疯了!本地用curl测试完全正常,但Meta开发者平台一直提示验证失败,Nginx控制台根本看不到Meta的请求日志,就好像Meta根本没调用我的URL一样,求帮忙看看哪里出问题了😭
问题背景
我正在配置WhatsApp Cloud API的Webhook回调URL,用Nginx作为反向代理,把请求转发到本地5000端口的Node.js服务。本地用curl测试能正常返回200状态码和对应的challenge值,但在Meta开发者控制台提交验证时,一直弹出错误:
The callback URL or verification token check failed. Please verify the provided information or try again later.
更奇怪的是,Nginx的访问日志里完全找不到Meta发起的请求记录,感觉Meta的请求根本没到我的服务器。
我的配置
Nginx 反向代理配置
# HTTP Let's Encrypt / Sectigo Validation server { listen 80; server_name mentest.net www.mentest.net; root /var/www/mentest; index index.html index.htm; # SSL验证路径 location /.well-known/pki-validation/ { allow all; root /var/www/mentest; try_files $uri =404; } # HTTP强制跳转HTTPS return 301 https://$host$request_uri; } # HTTPS服务配置 server { listen 443 ssl; server_name mentest.net www.mentest.net; root /var/www/mentest; index index.html index.htm; ssl_certificate /etc/ssl/certs/mentest_net.crt; ssl_certificate_key /etc/ssl/private/mentest_net.key; ssl_trusted_certificate /etc/ssl/certs/My_CA_Bundle.ca-bundle; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # WhatsApp Webhook 转发到5000端口 location /wawebhook { proxy_pass http://127.0.0.1:5000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # 主站转发到3000端口的Node服务 location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }
Node.js Webhook 代码
const express = require('express'); const app = express(); app.use(express.json()); const port = process.env.PORT || 5000; const verifyToken = 'my_secret_token'; // 硬编码的验证Token // GET请求处理验证逻辑 app.get('/wawebhook', (req, res) => { const { 'hub.mode': mode, 'hub.challenge': challenge, 'hub.verify_token': token } = req.query; if (mode === 'subscribe' && token === verifyToken) { res.status(200).send(challenge); // 验证通过返回challenge } else { res.status(403).end(); // Token或模式不匹配返回403 } }); // POST请求处理消息接收 app.post('/wawebhook', (req, res) => { const timestamp = new Date().toISOString().replace('T', ' ').slice(0, 19); console.log(`\nWebhook received ${timestamp}`); console.log(JSON.stringify(req.body, null, 2)); res.sendStatus(200); }); app.listen(port, () => { console.log(`Listening on port ${port}`); });
手动测试结果
我在本地执行curl命令测试验证逻辑:
curl.exe -v "https://mentest.net/wawebhook?hub.mode=subscribe&hub.verify_token=my_secret_token&hub.challenge=123"
返回完全符合预期,能拿到200状态码和123的challenge值,Nginx和Node的日志也能正常记录这个请求:
* Host mentest.net:443 was resolved. * IPv6: (none) * IPv4: 45.32.121.132 * Trying 45.32.121.132:443... * schannel: disabled automatic use of client certificate * ALPN: curl offers http/1.1 * ALPN: server accepted http/1.1 * Established connection to mentest.net (45.32.121.132 port 443) from 192.168.1.238 port 49745 * using HTTP/1.x > GET /wawebhook?hub.mode=subscribe&hub.verify_token=my_secret_token&hub.challenge=123 HTTP/1.1 > Host: mentest.net > User-Agent: curl/8.16.0 > Accept: */* > * schannel: remote party requests renegotiation * schannel: renegotiating SSL/TLS connection * schannel: SSL/TLS connection renegotiated * schannel: remote party requests renegotiation * schannel: renegotiating SSL/TLS connection * schannel: SSL/TLS connection renegotiated < HTTP/1.1 200 OK < Server: nginx/1.24.0 (Ubuntu) < Date: Mon, 17 Nov 2025 13:10:45 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 3 < Connection: keep-alive < X-Powered-By: Express < ETag: W/"3-QL0AFWMIX8NRZTKeof9cXsvbvu8" < 123* Connection #0 to host mentest.net:443 left intact
我的怀疑点
- 301重定向问题:我在Nginx里配置了HTTP跳转到HTTPS,且server_name包含
mentest.net和www.mentest.net两个域名,会不会Meta请求了www域名,被301重定向后就直接放弃了? - Token匹配问题:虽然我反复核对过Meta控制台填的Token和代码里的
my_secret_token,但会不会哪里不小心输错了? - 缓存问题:听说Meta会缓存验证失败的结果,会不会之前的失败记录还在缓存期,导致现在即使配置对了也无法通过?
具体问题
- 到底我漏了什么配置?为什么本地curl正常,Meta却验证失败?
- Meta是不是会拒绝存在301重定向的回调URL?
- 有没有其他我没注意到的坑?
补充信息
- DNS解析正常:
mentest.net和www.mentest.net都指向正确的服务器IP - SSL证书有效:用的Sectigo证书,浏览器访问网站没有任何安全提示
- 端口开放:服务器80、443端口都无防火墙限制
- 服务状态:Node.js服务能正常接收curl请求,但完全收不到Meta发起的任何请求
