Far too short notice on webhook verification change

Format Your New Topic as Follows:

API Endpoint(s) and/or Zoom API Event(s)
Notification of webhook validation changes: Webhook validation and verification changes - Zoom Updates

Description
That is a giant change to be making and only telling us about only one week ahead of time. Please reconsider the deployment timeline on this. The other change in that past is scheduled for August 2023, which we have time to plan for.

We have too many shared users who will be quite negatively affected by this. I urge you to postpone.

4 Likes

We have 7000 shared monthly active users who will be negatively impacted if this timeframe stands

Hi there!

We urgently need more information on this change.

The documentation on the new process says to use the webhook’s secret token as the secret/salt when creating the salt. However, we don’t currently have a secret token, which raises a number of questions and concerns.

  1. If I generate a Secret Token in our app by clicking on the Generate button next to the Secret Token field, will that one start getting sent immediately? Or do I need to submit the app for review first, thus making the timeline even tighter?

  2. Since the Secret Token will be eventually taking the place of the Verification Token, if I generate a Secret Token will it stop sending the Verification Token in every webhook? We rely on that verification token now.

Can you clarify this line:

This will be required for new webhooks created after this date.

Does that mean if we already have a webhook (event subscription) set up that nothing will change until we create a new one?

Hi @scott.halgrim, thank you for the feedback, we’ve shared with a number of teams working on this.

What you’re seeing is a new requirement in our app creation process and not an enforcement on existing subscriptions. New webhook subscriptions will require a challenge-response check, but existing subscriptions have until August 2023 to implement validation.

1 Like

I’m checking with our Product and Engineering teams on the effects of generating a secret token for a published application / subscription created before this release. My understanding is we will continue to send verification tokens for existing subscriptions but want to confirm.

Thanks, Michael. I really appreciate that. Look forward to hearing about how long existing verification tokens will be sent, but the clarity on the rest of this is :100:

1 Like

Confirming here, we will continue to send verification tokens for existing subscriptions :+1: