Midjourney is amazing. It lets you generate wild, beautiful AI images with just a prompt. And if you’re a developer like me, you can use their API to automate these jobs and fire webhooks when they’re done. It’s magical — until it stops working. That’s exactly what happened to me.
TL;DR
One day, Midjourney’s webhook stopped sending me updates. I kept getting a mysterious 401 missing_signature error. Turns out, Midjourney requires endpoint verification for callbacks. By switching to a verified callback URL, everything worked again. If your jobs aren’t triggering callbacks, this might be your fix!
The Panic: My Webhooks Just Stopped
Everything was going smoothly. I had automated my art generation with Midjourney’s API. I’d launch a job, then wait for the webhook to notify me when the image was ready.
Then one morning… nothing.
No webhook. No image updates. Just silence.
I checked my logs. Nope, the jobs were launching fine. But the callbacks? They were dead on arrival. My server wasn’t even getting a ping.
I dusted off my debugging tools. After some digging, I saw error messages in Midjourney’s response logs: 401 Unauthorized – missing_signature. Uh-oh.
Let’s Break Down This Error
A 401 means your service isn’t authorized. But this wasn’t about API keys. The error said: missing_signature.
That meant one thing: Midjourney wanted to make sure it was talking to a real, pre-approved webhook endpoint. It wasn’t just going to send data to any random URL.
I had been testing webhooks on a local tunnel (*cough* ngrok *cough*), so my URL kept changing. Midjourney didn’t like that.
Understand How Verified Callback URLs Work
Midjourney uses signed webhook calls. That means every POST it sends to your server includes a signature in the header. Kind of like a secret password.
If your server doesn’t verify that signature, or—worse—if it’s not on a list of approved callback URLs, it gets a big NOPE from Midjourney.
This is great for security. It prevents people from injecting fake data or hijacking jobs. But it confused me for a bit.
Solution: Verify Your Webhook Endpoint
Here’s how I fixed it:
- I moved off temporary URLs like ngrok.
- I hosted my webhook on a public domain I controlled (like myownsite.com).
- I logged into the Midjourney Developer Portal.
- I edited my application’s settings and submitted my callback URL as a verified endpoint.
Midjourney reviewed it pretty quickly. Once verified, boom — the 401s were gone and the callbacks resumed immediately.
My Webhook Endpoint Got Smart
Then I decided to get clever. I started verifying each incoming request myself using the signature Midjourney sends. Here’s the basic flow:
- Midjourney sends a POST to your callback URL.
- It includes a signature in the headers, like
X-Signature. - Your server compares that signature to one it generates using your shared secret.
- If they match, you know it’s a legit call.
This keeps the endpoint safe from fakes and spam.
The Magic Line of Code (Sort Of)
You can do something like this in Node.js with Express and crypto:
const crypto = require('crypto');
app.post('/midjourney-callback', (req, res) => {
const signature = req.headers['x-signature'];
const rawBody = JSON.stringify(req.body);
const secret = process.env.MIDJOURNEY_SECRET;
const expectedSignature = crypto
.createHmac('sha256', secret)
.update(rawBody)
.digest('hex');
if (signature === expectedSignature) {
console.log('✔ Valid webhook received!');
// proceed with processing
} else {
console.log('🚫 Invalid signature!');
res.status(401).send('Not authorized');
return;
}
res.status(200).send('OK');
});
This meant even if someone guessed my URL, they couldn’t spoof a call.
Testing Tip: Use a Static Domain for Dev Too
If you’re still doing development, try using a reverse proxy or local-tunnel service that gives you a persistent domain. Some services let you reserve one!
But note: even those URLs need to be known and verified in Midjourney settings. Dynamic or rotating URLs won’t cut it.
Lessons Learned (So You Don’t Panic)
I learned a few important things navigating this whirlpool of webhooks:
- Midjourney wants a trusted relationship. If callbacks aren’t verified, they won’t send anything.
- Never assume temporary URLs will work forever. Midjourney’s platform expects stability.
- Always log webhook errors. Seeing that 401 was what cracked the case for me.
- Verify the signature on your server. It’s extra work, but it’ll save you from impersonation attacks.
Bonus: What If You Still Don’t Get Webhooks?
If you’ve verified your endpoint and you’re still stuck, double-check these:
- SSL is required. Your callback must use HTTPS.
- Response times matter. If your server takes too long, Midjourney might give up.
- Return 2xx codes. If your server returns a 500 or similar, the webhook may retry — or not.
- Watch your firewall settings. Make sure Midjourney’s IPs aren’t being blocked.
Wrap-Up: Back on Track and Loving It
Now that my webhook endpoint is verified and signature-checked, everything runs like butter. My image jobs fire off, the status comes back through webhooks, and my whole process is slick and automated once again.
If you’re getting missing_signature errors or jobs just stop pinging you, don’t panic. Just verify your callback URL with Midjourney and check those headers. It’s like a secret handshake — once you get it right, the gate opens.
webhook success, ai art pipeline, happy developer with computer[/ai-img>
And that’s how I fixed my Midjourney webhook mystery. Hope it saves you a few hours (or heart attacks) too!