Secret Token Change - Zoom Apps Deauthorization Notification

dom.fernandez · August 25, 2023, 5:57pm

###Secret Token Change - Zoom Apps Deauthorization Notification

Description

Our Zoom app has an endpoint configured for our app’s Deauthorization Notification (Deauthorization).

We are currently using our app’s Verification Token to verify that requests coming to this endpoint are from Zoom. However, Zoom is retiring the usage of this Verification Token in October, and pivoting to using the Secret Token.

Our Zoom app does not yet have a Secret Token generated. We need to press the Generate button to obtain it.

Before we generate the Secret Token and change our endpoint to verify incoming requests using this Secret Token, we want to ask:

If we press the Generate button to obtain the Secret Token, will it stop sending the Verification Token to our Deauthorize Notification endpoint?
When the Verification Token expires, do we have to follow the HMAC SHA-256 hashing in our Deauthorization Notification endpoint as specified here (Using webhooks) to verify that the request came from Zoom?

ojus.zoom · September 8, 2023, 10:28pm

Hi @dom.fernandez

You dont need to validate the deauthorization endpoint. And after october the secret token will replace the verification token.

Topic		Replies	Views
Cannot use secret_token to validate deauthorization event Authentication webhooks	2	492	June 12, 2023
OAuth App Submission -- Deauthorization URL App Submission	3	458	January 11, 2023
Deauthorization flow API and Webhooks	9	1216	December 23, 2023
Oauth verification token for Deauthorization API and Webhooks faq	5	1195	October 15, 2021
Deauth compliance App Marketplace	8	719	December 4, 2020

Secret Token Change - Zoom Apps Deauthorization Notification

Related Topics