Signature Verification Issue with Webhook

I am currently experiencing an issue with a webhook that I am using on Zoom. Specifically, the signature that I am receiving from the webhook does not match the signature that I am generating on my own through the payload.

As per the documentation provided by Zoom, the signature that I am receiving should match the expected signature that I am generating using the provided secret key. However, upon further investigation, I have found that the signatures are not matching, which is causing issues with the functionality of my webhook.

Here’s the function that I am using to generate the expected signature:

def verify_transaction(tms, content, signature):
message = f"v0:{tms}:{content}"
print(message)
hash = hmac.new(
key=bytes(WEBHOOK_SECRET_TOKEN, ‘utf-8’),
msg=bytes(message, ‘utf-8’),
digestmod=hashlib.sha256
).hexdigest()
expected_signature = f’v0={hash}’
print(signature)
print(expected_signature)
if signature == expected_signature:
return True
else:
return False

I have confirmed that the message being generated in this function is correct and the secret key provided by Zoom is also correct. However, the signature that I am receiving does not match the expected signature, which leads me to believe that there may be an issue with the Zoom webhook system.

Has anyone else experienced this issue or have any suggestions on how to resolve it? Any help or insights would be greatly appreciated.

@creatorbuzz46,

Thank you for posting in the Zoom Developer Forum! I have yet to run into the behavior described. Have you tested with Sample Webhook App to see if you can identify if there is anything wrong with your implentatin ? I’d recommend running the sample app and stepping through the function to check to see if the values are what you expect. Then you can compare the results for both implementation to narrow down what may be causing the issue with generating the expected signature in your implementation. Here is the link to the Sample App for reference:

Thank you for your response and for suggesting that I test the Sample Webhook App. Unfortunately, I have tested the app and am still experiencing the same issue with the signature not matching the expected value.

I have stepped through the function and verified that the values are as expected, which leads me to believe that there may be an issue with the Zoom webhook system. Is there any further troubleshooting that I can do to determine the root cause of this issue? Any suggestions or insights would be greatly appreciated.

Thank you for your assistance.

Dear Zoom Support Team,

I am writing to follow up on my previous message regarding the issue with verifying the signature for the webhook in my application.

Unfortunately, I have not received a response or further assistance regarding this matter. I understand that you may be busy, but resolving this issue is crucial for the functionality of my webhook integration with Zoom.

I have thoroughly tested the Sample Webhook App and have stepped through the function to ensure that the values are correct. Despite these efforts, the signature received from the webhook still does not match the expected signature generated using the provided secret key.

I kindly request your assistance in resolving this matter as soon as possible. If there are any additional troubleshooting steps or insights you can provide, I would greatly appreciate it.

Thank you for your attention to this matter, and I look forward to your response.

@creatorbuzz46,

Thank you follow up and sorry we did not get back to you sooner. For your concern, please see the verifying webhook events and validating endpoint URL walkthrough video: