Cannot use secret_token to validate deauthorization event

It seems it’s currently only possible to verify the deauthorization event using the verification_token, and not the secret_token. This is despite the verification_token being planned for deprecation in October 2023.

Am I missing something? Could you add the x-zm-request-timestamp and x-zm-signature to the deauthorization event headers so that it can be verified using the secret_token, like all other events?

Currently I get the following deauthorization event

POST /webhooks/conferencing/zoom/deauthorize HTTP/1.1
User-Agent: zoom-marketplace/1.0
Content-Length: 303
Accept: */*
Accept-Encoding: gzip
Authorization: XXXX
Clientid: XXXX
Content-Type: application/json;charset=UTF-8
X-Forwarded-Proto: https


Hi @leexi
Thanks for reaching out to the Zoom Developer Forum, I am happy to help here!
Have you been able to fix this issue or do you still need assistance from us?
Let me know :slight_smile: