The documentation for webhooks at https://marketplace.zoom.us/docs/api-reference/webhook-reference says that an ‘authorization’ header is sent by Zoom and the value can be compared to the Verification token shown on the Features page of my Marketplace app.
I have a number of webhooks being sent, none of which contain the ‘authorization’ header, that I can see. None of my logs show the verification token string being sent at all, anywhere in the POST request, as a header or otherwise.
Am I missing something?
I really need to authenticate POST requests to my endpoints; the only thing unique I see right now is a ‘clientid’ header.
Any ideas?
tommy
April 28, 2020, 9:11pm
2
Hey @stevejohnson ,
What language are you using for your server?
The verification token should be included, but depending on how you are receiving requests it could differ where in the header to find it.
Hey @john !
You are correct, you will only receive the Deauthorization Event Notification Webhook with the Production version of your app. You can test this by installing the production version of your app via your apps publishable URL,
[54%20PM]
And then uninstalling your app on your “Installed Apps” page.
[21%20PM]
I made a simple PHP web server and was able to see the Verification Token in the request headers (when testing a Zoom event/webhook sent to my server). Here is my code:
Examp…
Thanks,
PHP
This is output of PHP’s getallheaders() (sensitive values 'x’ed):xxxxxx.net
And the relevant part of $_SERVER (again, 'x’ed)xxxxxxxx.net
tommy
May 4, 2020, 11:15pm
4
Hey @stevejohnson ,
I belive the issue is on your PHP server configuration side of things. Checkout this stackoverflow:
Thanks,
Thanks for that, didn’t occur to me to look there.
1 Like
tommy
May 7, 2020, 6:01pm
6
Let me know if you resolve the issue @stevejohnson !
Thanks,
Circling back around to this…
Adding the following to .htaccess file worked.
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1
If server configuration doesn’t allow SetEnvIf directives in .htaccess, may have to modify httpconf file.
1 Like
Glad it worked @stevejohnson ! Thanks for helping Tommy!
