Setting webhook results in 'Unauthorized WebHook callback channel' . Everything should be fine

Question

Time to go to SE, since this has cost me more then 4 hours now.

I'm trying to setup a webhook (https://app.example.com/notications) for Push Notifications coming from Google Drive API.

After having set-up everything I'm getting error:

    ...
    errors": [
        {
            "domain": "global",
            "reason": "push.webhookUrlUnauthorized",
            "message": "Unauthorized WebHook callback channel: https://app.example.com"
        }
    ],
    ...

There are a couple of results on google (most of which are here on SE) that talk about this issue. None of the solutions presented seem to work for me. Needless to say, I would be pretty much tearing my hair out if I had some.

This I what I've tried:

As explained here there are some requirements:

1. Step 1: Verify that you own the domain. (Complete the site verification process using Webmaster Tools)

   Registered app.example.com, through Webmaster Tools. Separately also verified example.com although this should not matter. Check!

2. Step 2: Register your domain:

   • Go to the Google Developers Console.
   • Choose or create a project.
   • In the sidebar on the left, click APIs & auth, then click Push.
   • Click Add domains.
   • Fill in the form, then again click Add domains.

   Done for app.example.com. Check!

3. Note that the Drive API will be able to send notifications to this HTTPS address only if there is a valid SSL certificate installed on your web server. Invalid certificates include:

   • Self-signed certificates.
   • Certificates signed by an untrusted source.
   • Certificates that have been revoked.
   • Certificates that have a subject that doesn't match the target hostname.

   What I've done:

   • I've setup app.example.com with an SSL certificate.
   • Moreover the endpoint is reachable and everything checks out.
   • SSL checker has verified that everything is okay (5 ticks). Even the SSL-chain is setup correctly. Check!

4. constructing a POST query

   • to the simple https://www.googleapis.com/drive/v2/changes/watch endpoint
   • containing a Authorization: Bearer x header
   • containing a Content-Type:application/json header

Post contains a body as follows

    {
      "id": "someIdThatDoesntMatter",
      "type":"web_hook",
      "address": "https://app.example.com/notifications"
    }

Check!

I'm running all this through Postman (a Chrome extensions to test http requests) so there's no app at my side that can be interfering.

What on earth could be the problem?

Answer 1

It was very weird but somehow it works.

1. When adding domain use complete URL with https://app.example.com/notifications

try the complete URL with a trailing slash when making calendar API call

{
  "id": "someIdThatDoesntMatter",
  "type":"web_hook",
  "address": "https://app.example.com/notifications/"
}