Not receiving event subscriptions for unpublished app

Description
We currently have an unpublished application which we use on one of our staging environments. Specifically Appointedd T2 Dev (70MQP-hoTcyO-xFuLx3ksg), we are scoping some work to be deployed on our published application (https://marketplace.zoom.us/apps/bGOZ7p0QQouYjbUja8a5Mg). We need to set up some event-subscriptions and perform some logic when they occur (specifically user disabled type events). Here are the event subscriptions we’re attempting to link up. We have user read scopes.

Error
Not receiving any webhooks on the unpublished app!

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth (Account Level)

Which Endpoint/s?
n/a

How To Reproduce (If applicable)
Steps to reproduce the behavior:

1. Add event subscriptions to application w/ endpoint we’re monitoring
2. Perform an event which should trigger an event notification
3. No webhook recieved.
   Screenshots (If applicable)
   
   

   Screenshot 2020-12-13 at 14.22.301110×613 54.8 KB
   
   Additional context
   We’re unsure if this is because its an unpublished app but we’re hesitant to perform experiments on our production app. We believe we should be able to add these event-subscriptions without deauthorising/impacting our current tokens. Is that right?

Best,
Tom Kendrick,
Software Engineer
Appointedd

Hey @tkendrick,

Thank you for reaching out to the Zoom Developer Forum. You can definitely test Webhooks on an Unpublished app as long as it is installed. First, please make sure that the Webhook endpoint returns a 200 OK status. If Zoom doesn’t receive a 200 OK status, it will stop sending the Webhook. If that isn’t the cause, please provide the Webhook URL that you’re using and I’ll look into this further.

Thanks,
Max

Hi Max, thanks for getting back to me.

As we’re just scoping this out we haven’t implemented the endpoint in our app. We were just using a public webhook listener to verify we were receiving the notifications. Appointedd T2 Dev is currently pointing at a webhook.site listener which I’ve confirmed always responds with a 200 response code. Though we tried various others including just a raw netcat ngrok to see if we’re getting anything at all, so I’m reasonably confident the webhooks aren’t arriving at our end. I can post the specific endpoint if you wish however its just a default endpoint. (Would prefer not to include it in a public post - but can’t see a way to DM)

Thanks!
Tom

Hey @tkendrick,

I just sent you a DM. Let me know if you have any issues accessing it.

Thanks,
Max

I have a very similar issue like @tkendrick.

Description
I have created oAuth2 application with Draft status and it’s not published yet.
For the application, I turned on Events Subscriptions where I set two event notification endpoints:
development and production. Both endpoints work correctly and return a 200 OK status.

When I trigger an event then the event is being sent only to development endpoint but not to production.
Before I publish the application I would like to test production events too, but I don’t know why the events are not being sent to production endpoint.

Error
Events are sent only to development endpoint but not to production endpoint.

I would like to give you more details to Application and endpoints in DM.

Thanks,
Marcin

Hey @aircino and @tkendrick,

Thank you for reaching out to the Zoom Developer Forum. It’s important to note that you will only receive Webhook events for apps that are installed using the publishable URL. Let me know if that’s helpful @aircino.

@tkendrick Have you previously been able to receive other events at this endpoint, or is this a new implementation that hasn’t received an event yet?

I hope that helps!

Thanks,
Max

Hey @MaxM,
I uninstalled the application and I have installed again using Publishable URL but the events are being still sent only to development endpoint only but not to production endpoint.

It’s a new implementation and I have never received an event on production.
From my point view it looks like the production endpoint url is blocked by ZOOM. Is it possible? Event when I set the production endpoint in place of development then still the events are not being sent there.

What’s more…
I created also JWT application with two subscriptions: one for development and another for production.
Also for JWT application the events are sent only to development endpoint.

So from my perspective it looks like the production ednpoint is blocked by Zoom.
Are you able to verfiy it?

Thanks,
Marcin

Hey @aircino,

Thank you for providing additional information. It’s possible that Zoom will stop sending requests to an endpoint if in the past it has returned anything except a 200 OK response. I would confirm that this hasn’t happened before. I would also check the HTTP logs for the server to make sure that there isn’t another service interfering such as security services (ModSecurity, Firewall).

If that doesn’t help, please provide the endpoint that is having issues.

Thanks,
Max

Hey @MaxM, thanks for getting back to me.

I’m getting more sure that the endpoint is blocked.
When we have turned on the Event Subscriptions for oAuth application we set two endpoints: development and production endpoints although only the development was ready and returned a 200 OK status. The production endpoint returned 4xx status for several days.
After several days we have released the changes to production env and then the endpoint started returning 200 status. But from that point, neither event was sent to it.

Maybe that it’s our fault that we set the production endpoint for Event Subscription although it wasn’t ready, but the form requires to set both endpoints if I good remember.

I would like to give you the endpoint but it’s already production address so there is an option to send it in private message? It is protected but I would like to avoid unnecessary requests. How can I send a private message here?

Hey @aircino,

Thank you for the update. I sent you a DM where you can provide the endpoint.

Thanks,
Max

Hey @aircino,

Thank you for your patience. I’m just checking in to let you know that I haven’t forgotten about this issue. Right now, it seems like Zoom blocked the Webhook event because the endpoint was sending a 4xx status for a period of time. It sounds like you can avoid this by removing and re-adding the webhook event but I’m working to confirm with our internal team what the best method to re-enable the endpoint would be.

Thanks,
Max

Hey @MaxM,
Thank you for message. This issue is still important for me. I will try to remove/re-adding the webhook event. Let me know when you get the best method to re-eanble the endpoint from your team.

Thanks,
Marcin

Hey @aircino,

Excellent, let me know if that works for you. I’ll be sure to keep you posted on any new information I find on my end.

Thanks,
Max

Hey @aircino,

Thank you for your patience. Our internal team got back to me and indicated that the best way to reset the Webhooks Endpoint so that Zoom sends again is to disable and re-enable the app. We are also currently working on a system that will automatically email you if this happens in the future.

I hope that helps!

Thanks,
Max

Hey @MaxM,

Unfortunately, the events still don’t work for production endpoint. What do you mean by “disable and re-enable the app”? How can I do it? I don’t see those actions.
I did the following things:

1. I edited oAuth app and disabled Event Subscriptions - this action removed all Event Subscriptions settings:
2. I Enabled Event Subscriptions again and set Dev and Prod endpoints and added 2 events which I want to receive.
3. I Uninstalled production application
4. I Installed the production application using Publishable URL
5. Tested events.

It looks like the prod webhook address is still blocked. I set also the production webhook in place of development and the events are not sent too, but for our development address, they are sent.

So I’m not able to unblock production address.

Thanks,
Marcin

Hey @aircino,

I’ve since reached out to our engineering team to see if there is an issue with the back-end system . In the meantime, please confirm, you’re installing using the Publishable URL found on the Submit tab. (ZOOM-234015)

image789×200 21.5 KB

Thanks,
Max

Hey @MaxM ,
Yes, I’m using the Publishable URL from the Submit tab.

Thanks,
Marcin

Hey @aircino,

Our internal team got back to me and indicated that for the registration_created event, the webhook is returning a 301 status. Please make sure that there aren’t any redirects either through the server logic or DNS that are preventing these webhooks from completing successfully.

Let me know if you have any questions.

Thanks,
Max

Hi @MaxM,

I’ve been away for a while so just catching up on the status of this now. We’ve followed the steps above but can’t seem to get any consistency in the behaviour of these webhooks, they send occasionally but we can’t isolate what allows and prevents it. I’m just going to summarise our use case and ask a few questions we need clarity on.

We currently have an account level application, whereupon upon connecting to our software via an admin user, the account can then create meetings for any subuser within that Zoom account.

Use Case

We require deauthorisation/deleted/dissociated webhooks to notify us if the currently connected admin user can no longer serve their role, as this would cause meetings created on the behalf of subusers to fail.

We’ve attempted to add these events to our development apps, however can’t reliably get the webhooks. We created these event subscriptions and webhook fresh to ensure that non 200 responses are not a factor. Couple of questions that need some clarity.

Questions

• What scopes are actually required for these endpoints, as within the GUI to add the events it suggests that you need write scopes for the user? This struck us as a bit strange, and indeed we’ve received this webhook without it being requested from our app.

• Upon the addition of Event Notifications to an existing application, can we expect to receive notifications for all OAuthed users, or does this require a reconnection? Assuming we don’t need write scopes for the user (we only have write scopes for meetings, rather than the user themselves) we already have the existing scopes needed.

• Is there any expected latency/delay expected from the addition of event notifications to an app and for webhooks beginning to be triggered.

Thanks! Hope you had a good new year.
Tom