Python webhook validation

Hi team

I am having an issue validating a webhook using the webhook secret token in Python in my Flask app. Whatever I try it is not matching the x-zm-signature received in the request header. I suspect it is something to do with the way the request body is read and used.

This is the code snippet that I am using. Any help appreciated.

```python
#validate request came from Zoom
content = json.dumps(request.json, separators=(',', ':'))
x_zm_signature = request.headers['x-zm-signature']
x_zm_request_timestamp = request.headers['x-zm-request-timestamp']
message = "v0:{}:{}".format(x_zm_request_timestamp, content)
hashed_message = hmac.new(
    str(app_config.ZOOM_SECRET_TOKEN),
    msg=message,
    digestmod=hashlib.sha256
).hexdigest()
signature = "v0={}".format(hashed_message)
if x_zm_signature != signature:
    #request did not come via the zoom service
    status_code = httplib.UNAUTHORIZED
    response = 'error'
    return jsonify(response), status_code
```

Thanks

For whoever is facing this issue, I was able to resolve it by using request.data when constructing the message instead of using request.json.

```python
message = "v0:{}:{}".format(x_zm_request_timestamp, request.data)
```

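Why the fix in this thread works, as an added example that is not code from either post: the HMAC is computed over the exact bytes sent, so parsing and re-serializing the JSON can change the message and break the match. It is written for Python 3 without Flask; the secret, timestamp, body and the 300-second freshness window (which assumes the timestamp header is epoch seconds) are constructed assumptions.

```python
import hashlib
import hmac
import json
import time


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Header value: v0=HMAC-SHA256(secret, b"v0:<timestamp>:<body>")."""
    message = b"v0:" + timestamp.encode() + b":" + body
    return "v0=" + hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(secret, timestamp, raw_body, signature, now=None, max_skew=300):
    """Verify x-zm-signature against the raw request bytes (request.data in Flask)."""
    now = time.time() if now is None else now
    try:
        sent_at = int(timestamp)
    except ValueError:
        return False
    # Assumption, not from the thread: drop stale requests to limit replay.
    if abs(now - sent_at) > max_skew:
        return False
    expected = sign(secret, timestamp, raw_body)
    # Constant-time comparison; encoding to bytes tolerates non-ASCII header junk.
    return hmac.compare_digest(expected.encode(), signature.encode())


def demo():
    secret = b"constructed-secret-token"  # constructed sample values
    ts = "1700000000"
    # Body as sent on the wire: UTF-8, with a non-ASCII character left unescaped.
    raw = '{"event":"meeting.started","payload":{"topic":"Café"}}'.encode("utf-8")
    header = sign(secret, ts, raw)  # what the sender would put in x-zm-signature

    # What the question's code hashed: parsed JSON dumped again.
    # json.dumps escapes "é" as \u00e9, so the bytes differ from the wire bytes.
    reserialized = json.dumps(json.loads(raw), separators=(",", ":")).encode()

    return {
        "bodies_equal": raw == reserialized,
        "raw_ok": verify(secret, ts, raw, header, now=1700000010),
        "reserialized_ok": verify(secret, ts, reserialized, header, now=1700000010),
        "stale_ok": verify(secret, ts, raw, header, now=1700009999),
    }


if __name__ == "__main__":
    print(demo())
```

In a Flask view on Python 3, `request.get_data()` returns these raw bytes and should be read before anything parses the body.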