I am running n8n on an ARM64 server and setting up a webhook for the WhatsApp Business API. As part of the verification process, Meta sends a hub.verify_token and hub.challenge to my webhook, requiring me to respond with the challenge if the token matches.
I want to store the verify token securely as an environment variable in a .yml file (e.g., in docker-compose.yml) instead of hardcoding it in my workflow. Here’s my current setup:
#docker-compose.yml
yaml
version: ‘3’
services:
n8n:
image: n8nio/n8n
restart: always
environment:
- N8N_VERSION=1.76.1
- WHATSAPP_VERIFY_TOKEN=myRandomToken123
ports:
- “5678:5678”
volumes:
- ~/.n8n:/home/node/.n8n
Now, in my n8n workflow, I need help figuring out how to check for the token correctly.
Is there a way something like this can be done?
={{$json[“query”][“hub.verify_token”]}} === {{$env[“WHATSAPP_VERIFY_TOKEN”]}}
Or what way can I tell the webhook to pass the verification key as a parameter in the webhook URL?
The webhook itself is working, but the verification process is failing.
Would this work, or is there a better way to securely check the token inside an n8n workflow? Any guidance or best practices on securely managing this token in a production environment would be greatly appreciated!
Currently, Meta returns:
Bad request - please check your parameters
WhatsApp Trigger: (#2200) Callback verification failed with the following errors: curl_errno = 28; curl_error = Connection timed out after 6000 milliseconds; HTTP Message = Unknown Response Code
Since the webhook verification is failing, there is no valid output yet.
Information on your n8n setup
- n8n version: 1.76.1
- Database: PostgreSQL
- n8n EXECUTIONS_PROCESS setting:
main - Running n8n via: Docker (self-hosted, ARM64 machine, exposed via Cloudflare)
- Webhook status: Working, but verification fails
- Operating system: Debian
Would love to hear insights on whether this is the best approach or if there’s a better way to manage the verification token securely in n8n. 