For app_deauthorized events, what is the signature generated from?

tomhamiltonstubber · March 4, 2021, 11:29am

Hi folks,

I see that the event for a user deauthorising my app will be sent, and the data will look like:

{
  "event": "app_deauthorized",
  "payload": {
    "user_data_retention": "false",
    "account_id": "EabCDEFghiLHMA",
    "user_id": "z9jkdsfsdfjhdkfjQ",
    "signature": "827edc3452044f0bc86bdd5684afb7d1e6becfa1a767f24df1b287853cf73000",
    "deauthorization_time": "2019-06-17T13:52:28.632Z",
    "client_id": "ADZ9k9bTWmGUoUbECUKU_a"
  }
}

Is the signing key here the ‘Verification token’ for signing events? Which data is the signature created from? The payload minus signature?

MaxM · March 5, 2021, 12:34am

Hey @tomhamiltonstubber,

Thank you for reaching out to the Zoom Developer Forum. Good question! the signature is a field that Zoom uses to identify the request is valid and matches the App Deauthorized event sent to your app.

This is separate from the Verification Token which can be used by your endpoint to validate that the App Deauthorized event originated from Zoom.

I hope that helps! Let me know if you have any questions.

Thanks,
Max

system · April 4, 2021, 10:35am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cannot use secret_token to validate deauthorization event Authentication webhooks	2	488	June 12, 2023
Deauthorization webhook trigger API and Webhooks webhooks	4	195	October 27, 2023
Webhook for the "Disable" app event? API and Webhooks webhooks	6	428	March 13, 2024
How to make Deauthorization of Zoom? Authentication	7	1388	April 15, 2022
Deauthorisation api API and Webhooks	6	1765	August 21, 2020

For app_deauthorized events, what is the signature generated from?

Related Topics