The documentation for webhooks at https://marketplace.zoom.us/docs/api-reference/webhook-reference says that an ‘authorization’ header is sent by Zoom and the value can be compared to the Verification token shown on the Features page of my Marketplace app.
I have a number of webhooks being sent, none of which contain the ‘authorization’ header, that I can see. None of my logs show the verification token string being sent at all, anywhere in the POST request, as a header or otherwise.
Am I missing something?
I really need to authenticate POST requests to my endpoints; the only thing unique I see right now is a ‘clientid’ header.