Python webhook validation

Hi team

I am having an issue validating a webhook using the webhook secret token in Python in my Flask app. Whatever I try it is not matching the x-zm-signature received in the request header. I suspect it is something to do with the way the request body is read and used.

This is the code snippet that I am using. Any help appreciated.

#validate request came from Zoom
content = json.dumps(request.json, separators=(‘,’, ‘:’))
x_zm_signature = request.headers[‘x-zm-signature’]
x_zm_request_timestamp = request.headers[‘x-zm-request-timestamp’]
message = “v0:{}:{}”.format(x_zm_request_timestamp,content)
hashed_message =
signature = “v0={}”.format(hashed_message)
if x_zm_signature != signature:
#request did not come via the zoom service
status_code = httplib.UNAUTHORIZED
response = ‘error’
return jsonify(response), status_code


for whoever is facing this issue, I was able to resolve it by using when constructing the message instead of using request.json

message = “v0:{}:{}”.format(x_zm_request_timestamp,

1 Like