Webhooks can be validated via the “Verification Token”. It is in the header of every request sent from Zoom so you can validate it with all incoming requests to your Webhook endpoint url. Keep the “Verification Token” secret, if it does get exposed you can simply regenerate it on the Zoom Marketplace Dashboard.
Thanks Tommy - great information. My application does Bearer Token authentication that does time out. Have you had to deal with something like that before?
Your application using the Bearer Token method should not effect the Webhooks or Verification Token.
Although, if you only accept requests with a Bearer Token then you will need to open up your Zoom endpoint url to accept requests and validate against the Verification Token.