Receiving system rejects webhook requests as invalid signature.
Where to Check in PassiveWP
WordPress Admin -> PassiveWP -> Branded Links -> My Links
Step-by-Step Fix Walkthrough
Fix Step 1: Confirm both sides use identical webhook secret.
Where to click WordPress Admin→PassiveWP→Branded Links→My Links
What to do In WordPress Admin→PassiveWP→Branded Links→My Links, do this in order: open the relevant panel, find the control related to "Confirm both sides use identical webhook secret.", apply one change, click Save/Run, then reload once to confirm it stuck.
How to verify Private-window click tests should route correctly and keep required attribution params.
Fix Step 2: Validate raw request body before parsing.
Where to click WordPress Admin→PassiveWP→Branded Links→My Links
What to do Open WordPress Admin→PassiveWP→Branded Links→My Links, click the test/validate action in that screen, and wait for the result notice before continuing.
How to verify Private-window click tests should route correctly and keep required attribution params.
Fix Step 3: Allow small clock skew for timestamp checks.
Where to click WordPress Admin→PassiveWP→Branded Links→My Links
What to do In WordPress Admin→PassiveWP→Branded Links→My Links, do this in order: open the relevant panel, find the control related to "Allow small clock skew for timestamp checks.", apply one change, click Save/Run, then reload once to confirm it stuck.
How to verify Private-window click tests should route correctly and keep required attribution params.
Fix Step 4: Retest with one click and one conversion event.
Where to click WordPress Admin→PassiveWP→Branded Links→My Links
What to do Open WordPress Admin→PassiveWP→Branded Links→My Links, click the test/validate action in that screen, and wait for the result notice before continuing.
How to verify Private-window click tests should route correctly and keep required attribution params.
Most Common Causes
- Secret mismatch between PassiveWP and receiver.
- Timestamp/signature validation window too strict.
- Payload transformed before signature verification.
How to Prevent It Next Time
- Rotate secrets carefully with overlap windows.
- Document expected signature headers and format.
- Monitor webhook error logs continuously.
When to Contact Support
- You completed every fix step and still get the same error.
- The issue impacts revenue-critical pages or high-volume campaigns.
- You can share timestamps, affected link/product IDs, and screenshots of the exact error state.
