when receiving web-hook we get header > authorization={verification token taken from ‘add features’}, this token will retire in October 2023. Does zoom plan on sending the secret instead? and if so, when?
we should take timestamp:requestBody and hash those with the secret from ‘add features’ tab and compare to x-zm-signature header. how do you propose to implement this? on firewall/load balancer level or application level?
Hi @qatlvprod
Thanks for reaching out to us, I am happy to help here!
Yes, we are retiring the verification token later this year and the secret token will be used as the authorization method.
Here is a sample app that you can use to understand how to implement this on your application:
This is application level since every app comes with its own secret token