Thank you for providing additional information.
We require deauthorisation/deleted/dissociated webhooks
What scopes are actually required for these endpoints, as within the GUI to add the events it suggests that you need write scopes for the user? This struck us as a bit strange, and indeed we’ve received this webhook without it being requested from our app.
The Webhooks you mentioned do indeed require User read/write scopes. When you select a Webhook event that requires a scope, as listed in the GUI:
Then, the requisite scope will automatically be selected. In fact, you won’t be able to deslect the scope until you remove the event subscription.
Upon the addition of Event Notifications to an existing application, can we expect to receive notifications for all OAuthed users, or does this require a reconnection? Assuming we don’t need write scopes for the user (we only have write scopes for meetings, rather than the user themselves) we already have the existing scopes needed.
Due to the above behavior, if you select an event subscription that requires additional scopes, it will also require that users re-authorize your app before you’re able to receive events from that user.
Is there any expected latency/delay expected from the addition of event notifications to an app and for webhooks beginning to be triggered.
I’m not aware of a delay or any sort of propagation time when it comes to adding event subscriptions. If you added one that requires new scopes, then it may take time for users to be prompted to re-authorize your app depending on how often they access it and if your logic sends then to the authorize endpoint when an invalid OAuth token is seen.
I hope that helps! Let me know if you have any questions.