It seems it’s currently only possible to verify the deauthorization event using the verification_token, and not the secret_token. This is despite the verification_token being planned for deprecation in October 2023.
Am I missing something? Could you add the x-zm-request-timestamp and x-zm-signature to the deauthorization event headers so that it can be verified using the secret_token, like all other events?
Currently I get the following deauthorization event
POST /webhooks/conferencing/zoom/deauthorize HTTP/1.1
Host: XXXXX
User-Agent: zoom-marketplace/1.0
Content-Length: 303
Accept: */*
Accept-Encoding: gzip
Authorization: XXXX
Clientid: XXXX
Content-Type: application/json;charset=UTF-8
X-Forwarded-For: 134.224.191.1
X-Forwarded-Proto: https
{"event":"app_deauthorized","event_ts":1667985308769,"payload":{"account_id":"XXXX","user_id":"XXX","signature":"deb4da910bdb3f0e55515f3ed722f945cb07b59e60e3122b2b04d4f6349561ae","deauthorization_time":"2022-11-09T09:15:08.769Z","client_id":"XXXX"}}