Hi Tommy,
Thanks! I still don’t see my app’s Verification Token: I’m working in PHP so I would expect to find it (I think!) in the incoming request’s headers (as obtained from PHP’s apache_request_headers() function, or directly in $_SERVER['HTTP_{uppercaseHeaderName}'], i.e. $_SERVER['HTTP_AUTHENTICATION'] in this case).
Even if I’m looking it up in the wrong way I would expect to see that token value present SOMEWHERE in the payload, but I don’t. Perhaps this is because my app is still not yet approved for the marketplace?
Nevertheless, I figure requiring a match on the client_id HTTP header (which is present as expected), plus all the other values that have to line up, enables my code to be pretty darn sure that the request originated from Zoom!
To the other issue, that Node.js example you gave me was super helpful: I see now that sending the 'Content-Type: application/json' header and sending the payload as JSON encoded is the key. (I had been doing form-based postings of the payload, which was wrong and presumably the cause of the “Internal Error” message.)
So on balance I’d say I’m good; thanks again for your help!
Cheers,
John