We are using the “Incoming Webhook Chatbot” to post images to a Zoom channel using the 3 steps described in the “Examples of how to send messages with an image” section in KB00676404 using Python.
support dot zoom dot com /hc/en/article?id=zm_kb&sysparm_article=KB0067640
The process works most of the time, but an “Invalid signature” is generated almost every other time a request is sent. Are there any special considerations where generating the signature and timestamp?
Any ideas on what the issue may be?
When the api works I can call the “format=upload” api and the signature is accepted:
Dear I think these are the causes of this problem
Incorrect timestamp format: Ensure the timestamp is in milliseconds and generated correctly.
Signature calculation issues: Double-check the signature generation process, including the secret key and algorithm used.
Rate limiting: If sending requests too frequently, Zoom’s API might be rate-limiting your requests. Consider implementing a delay between requests.
Thank you for replying.
The issue was that the python generated signature was being generated using the base64.urlsafe_b64encode, which replaces + with -, which the Zoom signature is not expecting.
I’ve had this same issue with the “Invalid signature” error when using the Incoming Webhook Chatbot. It’s frustrating because it sometimes works fine, and other times it fails with the exact same setup. Here are a few things I’ve noticed that can affect the signature validation:
Timestamp Drift: I found that even minor drifts in the timestamp (even by a few seconds) can lead to the “Invalid signature” error. In my case, making sure the timestamp was always as close to the request time as possible (using the current epoch time in milliseconds) helped minimize errors. It might help to re-check your timestamp generation code to ensure it’s accurate to the second.
Repeated Signatures: If I reuse a signature for multiple requests (like in a loop or retry), it often throws this error. It seems that each request needs a fresh signature generated in real-time. I had better results when I re-generated the signature every time a new request was made.
Character Encoding: Sometimes, if there’s even a minor discrepancy in encoding or if whitespace creeps into the signature string, it results in an “Invalid signature.” Double-checking the encoding (UTF-8 typically works best) and ensuring no extra whitespace or newline characters were in the string solved this issue for me a few times.
Hope this gives some direction! This issue can be pretty tricky to nail down, but making the above tweaks definitely helped me reduce the errors.