reid
February 3, 2023, 4:54pm
1
I had a support ticket that got escalated with final email indication to post in here.
We have groups that integrate into our platform using JWT app and we all of the sudden are getting reports on this when they are trying to follow through with zoom integrations with the event notification endpoint URL. Basically a “URL Validation failed. Try again later.”
We have verified that the webhook endpoint requirements are being met. The webhook url hasn’t changed in years.
It is https://
We verified via a 3rd party tool that TLS 1.2+ is required and SSL cert is issued by a CA. SSL Server Test: manager.ce21.com (Powered by Qualys SSL Labs)
The domain is FQDN. manager.ce21.com
The endpoint does accept POST with json body
and will return the appropriate HTTP status code.
Is there any indication of which of these is causing the validation failure?
rarev
February 3, 2023, 10:48pm
2
Hey @reid ,
Sometimes validation can fail because you aren’t setting the status correctly, or the encryption token that was sent back doesn’t match the encryption token in the header.
Can you confirm that the status is being set to 200 or 204 and that the encryption tokens match?
@reid Hope you will be fine.
Which platform you are using e.g NodeJS or no-code platforms?
Here is NodeJS validation sample
app.post('/api/zoom/events', async (req, res) => {
if (req.body.event == 'endpoint.url_validation') {
let encryptedToken = crypto.createHmac('sha256','Your Secret Token').update(req.body.payload.plainToken).digest('hex');
return res.json({
plainToken: req.body.payload.plainToken,
encryptedToken: encryptedToken
})
}
});
Here is the session → How to enable Zoom WebHooks .
Uma
February 14, 2023, 8:52am
5
I’m trying to validate the webhook URL in Zoom using AWS Lambda and getting error as “URL Validation failed. Try again later" and not able to validate the URL.I have followed the same steps which is given in Documentation .
I can able to validate the URL by using VS code and facing this issue only on AWS Lambda.
I’m facing the issue while checking the condition if (req.headers[‘x-zm-signature’] === signature) ,x-zm-signature and signature is getting varied.
Here is NodeJS validation sample
const crypto = require(“crypto”);
function oauthValidator(req){
const message = v0:${req.headers['x-zm-request-timestamp']}:${JSON.stringify(req.body)}
const hashForVerify = crypto.createHmac(‘sha256’, process.env.ZOOM_WEBHOOK_SECRET_TOKEN).update(message).digest(‘hex’)
const signature = v0=${hashForVerify}
if (req.headers[‘x-zm-signature’] === signature) {
if(req.body.event === 'endpoint.url_validation') {
const hashForValidate = crypto.createHmac('sha256', process.env.ZOOM_WEBHOOK_SECRET_TOKEN).update(req.body.payload.plainToken).digest('hex')
response = {
message: {
plainToken: req.body.payload.plainToken,
encryptedToken: hashForValidate
},
status: 200
}
return {
"status":response.status,
"message":response.message
}
} else {
response = { message: 'Authorized request to Webhook Sample Node.js.', status: 200 };
return {
"status":response.status,
"message":response
};
}
} else {
response = { message: 'Unauthorized request to Webhook Sample Node.js.', status: 401 };
return response;
}
Please help me on to get this validation done. Thanks…!
Hi @Uma , did you find the solution with aws lambda? I am also facing same issue, please let me know if you get the solution.
Did you use aws lambda to solve the problem? I’m having the same problem, so if you find a solution , do let me know.
I have the below python code which is pretty straightforward.
import hashlib
import hmac
# Secret token
secret_token = "zoom-secret-token"
# Get the plainToken from the request body
# PS: My request payload contains `plain_token` and not `plainToken`
plain_token = request.data["payload"]["plain_token"]
# Example usage:
hashed_token = hmac.new(
key=secret_token.encode(),
msg=plain_token.encode(),
digestmod=hashlib.sha256,
).hexdigest()
# # Create the response JSON object
response_json = {"plainToken": plain_token, "encryptedToken": hashed_token}
ryan5
March 11, 2024, 8:30pm
11
@reid were you able to get this working?similar issue and have gotten nowhere with Zoom support — and no responses to our ticket.
jheavner
April 13, 2024, 12:33pm
12
I gave ChatGPT the instructions from Zoom’s documentation and it generated the following code for me, which did pass validation.
import json
logger = logging.getLogger()
SECRET_TOKEN = ‘secret-token’
def lambda_handler(event, context):
# Parse the JSON body from the incoming event
try:
body = json.loads(event.get('body', '{}'))
except json.JSONDecodeError:
logger.error("Error decoding JSON from the body")
return {
'statusCode': 400,
'body': json.dumps({'message': 'Invalid JSON in request body'})
}
logger.info("Parsed body: %s", body)
# Handle Zoom verification request
if body.get('event') == 'endpoint.url_validation':
plain_token = body.get('payload', {}).get('plainToken')
if plain_token:
# Compute HMAC SHA-256 hash
encoded_secret = bytes(SECRET_TOKEN, 'utf-8')
encoded_plain_token = bytes(plain_token, 'utf-8')
hmac_sha256 = hmac.new(encoded_secret, encoded_plain_token, hashlib.sha256)
encrypted_token = hmac_sha256.hexdigest()
# Create response object
response_body = {
'plainToken': plain_token,
'encryptedToken': encrypted_token
}
return {
'statusCode': 200,
'headers': {
'Content-Type': 'application/json'
},
'body': json.dumps(response_body)
}
else:
logger.error("plainToken not found in the payload")
return {
'statusCode': 400,
'body': json.dumps({'message': 'plainToken not found'})
}
# Default response for any other requests
return {
'statusCode': 200,
'headers': {
'Content-Type': 'application/json'
},
'body': json.dumps({'status': 'received'})
}
