Skip to content

[Bug]: [LINE Plugin] Webhook verification fails - returns error instead of 200 for empty events array #16425

@hung7893

Description

@hung7893

Summary

When LINE Platform sends a webhook verification request (POST with {"events":[]}), the OpenClaw LINE plugin incorrectly returns:

{"error":"Missing X-Line-Signature header"}

This causes the LINE Developers Console webhook verification to fail with "401 Unauthorized", even though the HTTP status is 200.

Steps to reproduce

  1. Set up a LINE Messaging API channel
  2. Configure OpenClaw LINE plugin with channel access token and secret
  3. Click "Verify" Webhook URL in LINE Developers Console
  4. Verification fails with 401 Unauthorized

Expected behavior

According to LINE's documentation, the verification request does not include a signature. The server should return HTTP 200 without checking for a signature when events is an empty array.

Actual behavior

The server returns HTTP 200, but the response body contains an error message, causing LINE Console verification to fail.

OpenClaw version

2026.2.13

Operating system

Docker container

Install method

Docker container

Logs, screenshots, and evidence

@openclaw/line v2026.2.13
2026-02-14T18:15:19.741Z [line] [default] starting LINE provider (豬豬陳)
$ curl -X POST https://kathline-superindulgent-sana.ngrok-free.dev/webhook/line -d '{"events":[]}'
{"error":"Missing X-Line-Signature header"}
**Steps to Reproduce:**
1. Configure LINE plugin with channelAccessToken and channelSecret
2. Set webhook URL in LINE Developers Console  
3. Click "Verify" button
4. See 401 Unauthorized error

**Test Command:**
curl -X POST <webhook_url> -d '{"events":[]}'
Response: {"error":"Missing X-Line-Signature header"}

**Expected:** Should return HTTP 200 for empty events (verification request)
**Actual:** Returns error message in body despite HTTP 200

Impact and severity

No response

Additional information

The webhook endpoint responds correctly to POST requests with actual message events (when signature is provided), but fails during the initial verification step when LINE sends an empty events array without a signature.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions