The documentation for webhooks at https://marketplace.zoom.us/docs/api-reference/webhook-reference says that an ‘authorization’ header is sent by Zoom and the value can be compared to the Verification token shown on the Features page of my Marketplace app.
I have a number of webhooks being sent, none of which contain the ‘authorization’ header, that I can see. None of my logs show the verification token string being sent at all, anywhere in the POST request, as a header or otherwise.
Am I missing something?
I really need to authenticate POST requests to my endpoints; the only thing unique I see right now is a ‘clientid’ header.
Any ideas?
tommy
(Tommy Gaessler)
April 28, 2020, 9:11pm
2
Hey @stevejohnson ,
What language are you using for your server?
The verification token should be included, but depending on how you are receiving requests it could differ where in the header to find it.
Hey @john !
You are correct, you will only receive the Deauthorization Event Notification Webhook with the Production version of your app. You can test this by installing the production version of your app via your apps publishable URL,
[54%20PM]
And then uninstalling your app on your “Installed Apps” page.
[21%20PM]
I made a simple PHP web server and was able to see the Verification Token in the request headers (when testing a Zoom event/webhook sent to my server). Here is my code:
Examp…
Thanks,
Tommy
PHP
This is output of PHP’s getallheaders() (sensitive values 'x’ed):
Array
(
[User-Agent] => Zoom Marketplace/1.0a
[Connection] => Keep-Alive
[Host] => xxxxxx.net
[Content-Length] => 290
[Content-Type] => application/json; charset=utf-8
[X-Zm-Trackingid] => Webhook_409f4a3e202c4f39b3ca598e4ddaff38
[Clientid] => xxxxxxxxxxxxxxxxx
)
And the relevant part of $_SERVER (again, 'x’ed)
[HTTP_USER_AGENT] => Zoom Marketplace/1.0a
[HTTP_CONNECTION] => Keep-Alive
[HTTP_HOST] => xxxxxxxx.net
[CONTENT_LENGTH] => 290
[CONTENT_TYPE] => application/json; charset=utf-8
[HTTP_X_ZM_TRACKINGID] => Webhook_409f4a3e202c4f39b3ca598e4ddaff38
[HTTP_CLIENTID] => xxxxxxxxxxxxx
tommy
(Tommy Gaessler)
May 4, 2020, 11:15pm
4
Hey @stevejohnson ,
I belive the issue is on your PHP server configuration side of things. Checkout this stackoverflow:
Thanks,
Tommy
Thanks for that, didn’t occur to me to look there.
1 Like
tommy
(Tommy Gaessler)
May 7, 2020, 6:01pm
6
Let me know if you resolve the issue @stevejohnson !
Thanks,
Tommy
Circling back around to this…
Adding the following to .htaccess file worked.
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1
If server configuration doesn’t allow SetEnvIf directives in .htaccess, may have to modify httpconf file.
1 Like
Glad it worked @stevejohnson ! Thanks for helping Tommy!