Re-validation webhooks

qatlvprod · April 18, 2023, 11:43am

when receiving web-hook we get header > authorization={verification token taken from ‘add features’}, this token will retire in October 2023. Does zoom plan on sending the secret instead? and if so, when?
according to: https://developers.zoom.us/docs/api/rest/webhook-reference/#verify-webhook-events

we should take timestamp:requestBody and hash those with the secret from ‘add features’ tab and compare to x-zm-signature header. how do you propose to implement this? on firewall/load balancer level or application level?

is it enough to check authorization header?

elisa.zoom · April 19, 2023, 6:39pm

Hi @qatlvprod
Thanks for reaching out to us, I am happy to help here!
Yes, we are retiring the verification token later this year and the secret token will be used as the authorization method.

Here is a sample app that you can use to understand how to implement this on your application:

This is application level since every app comes with its own secret token

Hope this helps!
Elisa

qatlvprod · April 23, 2023, 7:11am

thanks ill take a look and let you know

system · April 25, 2024, 10:48pm

This topic was automatically closed 368 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Authenticate webhook POST from Zoom API and Webhooks	8	3058	August 21, 2020
Webhook validation change using secret token versus Chat Bot Event Notification Validation? API and Webhooks	0	329	July 5, 2023
Webhook Validation and Verification Process Authentication webhooks , api	1	168	October 18, 2023
Unable to verify zoom's web hook request with Zoom's header API and Webhooks webhooks , recording	15	658	July 15, 2023
Handle webhooks secret token verification with many accounts Meetings webhooks	3	635	June 20, 2023

Re-validation webhooks

Related Topics