Handle webhooks secret token verification with many accounts

API and Webhooks Meetings
1

Webhooks verify event

Hi everyone, I have 4 different zoom accounts and I have implemented a webhooks app for each (all events received are the same endpoint) I use the meeting id to distinguish between different accounts.

The problem right now is that with the new webhooks validation, every one of these accounts has a unique secret token and it needs to be known from my end whereas no clue in the verification request for which app this token is.
{"event":"endpoint.url_validation","payload":{"plainToken":"token"},"event_ts":16716398},

The question is whether there is a way to send the meeting id alongside the url_validation request. or can I hard code the secret token in the webhooks app

More details
In documentation:
crypto .createHmac(‘sha256’, ```
ZOOM_WEBHOOK_SECRET_TOKEN

But in my case, there are 4 different secret tokens


Thank you
2

Hi,

Please build relation

// App 1
[{
VerificationToken:ssd9eksdlfjds,
SecretToken:sdkflsdfkjdskfd
},
// App 2
{
VerificationToken:ssd9eksdlfjds,
SecretToken:sdkflsdfkjdskfd
},
// App 3
{
VerificationToken:ssd9eksdlfjds,
SecretToken:sdkflsdfkjdskfd
},
// App 4
{
VerificationToken:ssd9eksdlfjds,
SecretToken:sdkflsdfkjdskfd
}]

then inside the request headers, you have an authorization header get that and filter the exact app secret from your list of 4 apps req.headers.authorization==apps[index].VerificationToken.

Screenshot 2022-12-21 at 10.47.25 PM
Screenshot 2022-12-21 at 10.47.25 PM1394×880 202 KB

3

This is great news. I will give it a try thank you!

4

With the verification token expiring, my solution to this problem is to use custom route for each zoom account -
api/zoom/events/1
api/zoom/events/2

and in the code identify the ID and use the secret token accordingly.