Format Your New Topic as Follows:
API Endpoint(s) and/or Zoom API Event(s)
recording.completed Webhook Event
Link the API endpoint(s) and/orZoom API Event(s) you’re working with to help give context.
recording completed webhook: Meeting Webhooks
webhook verification flow using custom header: Using webhooks
Description
I am changing an existing production webhook flow to use the updated “verify with your own header” flow. However, I’m noticing this new custom header is missing from production webhooks. Below are additional details regarding steps taken and how i’ve tested our internal system.
Marketplace settings
In the zoom marketplace app settings, I have set the configuration to send custom headers and clicked ‘saved’. When I refresh the page, these changes are persisted. Our new custom header is using the standard x-prefix custom header. sample screenshot attached for where we updated it in the UI (actual header differs).
Our Application
Our internal applications have been updated to accept this new header (anything not in this ‘allow-list’ is stripped out). I have verified this header is accepted when it is set. However, we are getting errors that this header is missing in webhooks sent from zoom (suggests this header is missing in the request).
Error?
The new custom header that we set is absent from the webhooks, see screenshot.
How To Reproduce
Steps to reproduce the behavior:
1. Request URL / Headers (without credentials or sensitive info like emails, uuid, etc.) / Body
https://www.coursera.org/api/zoomEventWebhooks.v1/?action=webhook
2. Authentication method or app type
Oauth App. Verification using custom header.
3. Any errors
absent headers. see screenshot for sample error we raise for missing header.
Steps taken to verify our internal system works as expected:
-
take existing recording.completed webhook, copy it into postman and add the new custom header / value and send to https://www.coursera.org/api/zoomEventWebhooks.v1/?action=webhook.
-
verified that this header is present and doesnt throw an error when request is sent this way (ie verifies that our internal system is not stripping out this header).
