I am trying to integrate zoom with splunk using JWT authentication with a web hook attached to this. When I am trying to test the zoom connection, the splunk side is not receiving any information and zoom is receiving 500 or 404 error codes.
We need to find out paths for the splunk side to enter for zoom:
[zoom_input://]
Configure an input for retrieving information from zoom
secret =
The secret key to decode the JWT encoded payload
port =
The port to run the input on
q!
path =
A wildcard that must match the path of the jwtwebhooks request
i* Example: /my_jwtwebhook/*
cert_file =
A path to an SSL certificate file. Including this will cause the app to use SSL/TLS.
The file typically uses the file extension of either .DER, .PEM, .CRT, or .CER
The path will be interpreted relative to the SPLUNK_HOME path if it is relative
Example: etc/auth/splunkweb/cert.pem
key_file =
A wildcard that must match the path of the jwtwebhooks request
The file typically uses the file extension of .KEY
The path will be interpreted relative to the SPLUNK_HOME path if it is relative
Example: etc/auth/splunkweb/privkey.pem
password =
A password to decrypt the private key if encrypted
Leave it empty if the private key is not encrypted
Hi @ojus.zoom so we seem to have got round this, but we have a new problem… We currently have splunk logs set up and returning data from the webhooks in zoom, however on the webhook ‘user updated’ the logs are not returning the user email (this works with user deactivation/activation), it returns the user ID but not email. Is this an easy fix or something thats already been worked on?
I can send a screenshot of the information if that helps !
Would you mind sending that screenshot of the webhook payload, just to make sure we’re on the same page? If it contains confidential information, you can send this to developersupport@zoom.us and reference this thread.
Hey @will.zoom, I’ve sent a screenshot of the splunk log to that email address.
The issue is that there is a user id (which can be used to track down the user) but not the user email being returned in the user.updated section.
While this sounds to be a Splunk-related cert intricacy, have you had any luck checking out this error on stackoverflow or other forums? While not exactly the same, perhaps you’ll find something like this helpful:
Thanks Will - we changed the Port number and made a step forward but have not faced -
We tried jwt token option today, based on zoom guidelines https://marketplace.zoom.us/docs/guides/auth/jwt
Are you having this issue if you test the request in Postman by copying the JWT token directly from your app in the marketplace? It sounds like there’s an issue with how you’re generating the token. Can you let me know if this thread helps: