endpoint.url_validation is a webhook event type sent to production Zoom apps to validate that the URL is owned by the person maintaining the app.
Description
I got an email today that said that we’ve been failing the url_validation for the past few days. We have not made any changes on our end, so this is quite confusing.
Here’s the code that is constructing the response:
const { plainToken } = parsedEvent.payload
const encryptedToken = hashZoomString(
plainToken,
ZOOM_ADMIN_EVENT_SECRET_TOKEN,
)
ctx.body = { plainToken, encryptedToken }
ctx.status = 200
export function hashZoomString(text: string, secretToken: string): string {
return crypto.createHmac("sha256", secretToken).update(text).digest("hex")
}
Here’s what I’ve tried:
- confirmed that token is correct
- reconstructed a request and sent it to the production server. I got back the expected response.
- created a new zoom app, pointed it to my local dev environment (using the new app’s secret token), and did the URL validation. The code is exactly the same as what is running in production. The validation succeeded with no issues.
Something odd that I noticed:
- we have logs of when we receive the endpoint.url_validation messages. According to the documentation, Zoom revalidates every 72 hours. However, in checking the logs, I only see validation requests today and 3 days ago. There are no validation requests prior to that. The production app has been approved for several months, so this is somewhat confusing. It seems like Zoom wasn’t sending these validation requests for some time, and then spontaneously started and they’re failing.
Is there any way to get some more information on what is being received by Zoom so we can troubleshoot this?