#I see it's disabled. I'm guess this is

Ok, so I'm not hallucinating. I'm using the code example (modified for typescript) provided here: https://elevenlabs.io/docs/conversational-ai/workflows/post-call-webhooks. Put in some additional logging and there are no obvious problems. I'm guessing that the message (concat of timestamp and body with a period in between) is just not the same string being used to generate the secret.

Can I get some help here? Would prefer not to disable the 401 and restrict only to ip address.

Also, is there some other way to test this than making an actual phone call? Cheweing through budget for lame integration testing 🙂

Ok, so here is the issue:

const message =${timestamp}.${req.body};

Is always going to return something like:

"1753824930.[object Object]"

Becuase req.body is an object, and coercing it into string will alwasy return [object Object]. If I JSON.stringify req.body, that also doesn't work, probably because stringify is returning some slightly different JSON that what was used to create the signature (like newlines, or maybe some extra string escaping ... who knows).

I can't be the only one experiencing this. Would really appreciate some developers help here.