Re-validation webhooks

qatlvprod · April 18, 2023, 11:43am

when receiving web-hook we get header > authorization={verification token taken from ‘add features’}, this token will retire in October 2023. Does zoom plan on sending the secret instead? and if so, when?
according to: https://developers.zoom.us/docs/api/rest/webhook-reference/#verify-webhook-events

we should take timestamp:requestBody and hash those with the secret from ‘add features’ tab and compare to x-zm-signature header. how do you propose to implement this? on firewall/load balancer level or application level?

is it enough to check authorization header?

elisa.zoom · April 19, 2023, 6:39pm

Hi @qatlvprod
Thanks for reaching out to us, I am happy to help here!
Yes, we are retiring the verification token later this year and the secret token will be used as the authorization method.

Here is a sample app that you can use to understand how to implement this on your application:

This is application level since every app comes with its own secret token

Hope this helps!
Elisa

qatlvprod · April 23, 2023, 7:11am

thanks ill take a look and let you know