Re-validation webhooks

  1. when receiving web-hook we get header > authorization={verification token taken from ‘add features’}, this token will retire in October 2023. Does zoom plan on sending the secret instead? and if so, when?

  2. according to:

we should take timestamp:requestBody and hash those with the secret from ‘add features’ tab and compare to x-zm-signature header. how do you propose to implement this? on firewall/load balancer level or application level?

  1. is it enough to check authorization header?

Hi @qatlvprod
Thanks for reaching out to us, I am happy to help here!
Yes, we are retiring the verification token later this year and the secret token will be used as the authorization method.

Here is a sample app that you can use to understand how to implement this on your application:

This is application level since every app comes with its own secret token

Hope this helps!

1 Like

thanks :slight_smile: ill take a look and let you know

1 Like