For app_deauthorized events, what is the signature generated from?

Hi folks,

I see that the event for a user deauthorising my app will be sent, and the data will look like:

  "event": "app_deauthorized",
  "payload": {
    "user_data_retention": "false",
    "account_id": "EabCDEFghiLHMA",
    "user_id": "z9jkdsfsdfjhdkfjQ",
    "signature": "827edc3452044f0bc86bdd5684afb7d1e6becfa1a767f24df1b287853cf73000",
    "deauthorization_time": "2019-06-17T13:52:28.632Z",
    "client_id": "ADZ9k9bTWmGUoUbECUKU_a"

Is the signing key here the ‘Verification token’ for signing events? Which data is the signature created from? The payload minus signature?

Hey @tomhamiltonstubber,

Thank you for reaching out to the Zoom Developer Forum. Good question! the signature is a field that Zoom uses to identify the request is valid and matches the App Deauthorized event sent to your app.

This is separate from the Verification Token which can be used by your endpoint to validate that the App Deauthorized event originated from Zoom.

I hope that helps! Let me know if you have any questions.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.