Trying to integrate webhook functionality with splunk

I am trying to integrate zoom with splunk using JWT authentication with a web hook attached to this. When I am trying to test the zoom connection, the splunk side is not receiving any information and zoom is receiving 500 or 404 error codes.

We need to find out paths for the splunk side to enter for zoom:

  • Configure an input for retrieving information from zoom

  • secret =

  • The secret key to decode the JWT encoded payload

port =

  • The port to run the input on


  • path =
  • A wildcard that must match the path of the jwtwebhooks request
    i* Example: /my_jwtwebhook/*

cert_file =

  • A path to an SSL certificate file. Including this will cause the app to use SSL/TLS.
  • The file typically uses the file extension of either .DER, .PEM, .CRT, or .CER
  • The path will be interpreted relative to the SPLUNK_HOME path if it is relative
  • Example: etc/auth/splunkweb/cert.pem

key_file =

  • A wildcard that must match the path of the jwtwebhooks request

  • The file typically uses the file extension of .KEY

  • The path will be interpreted relative to the SPLUNK_HOME path if it is relative

  • Example: etc/auth/splunkweb/privkey.pem

  • password =

  • A password to decrypt the private key if encrypted

  • Leave it empty if the private key is not encrypted


can you share us a sample API request? If it contains confidential information, can you send it to


Hey @Ojus – having the same issue as Lauren. Can you share any insight?

Hey @esharew,

Can you please provide steps to reproduce the issue and which error messages you are seeing? :slight_smile:


Hi @Ojus so we seem to have got round this, but we have a new problem… We currently have splunk logs set up and returning data from the webhooks in zoom, however on the webhook ‘user updated’ the logs are not returning the user email (this works with user deactivation/activation), it returns the user ID but not email. Is this an easy fix or something thats already been worked on?
I can send a screenshot of the information if that helps !

Hi @lauren.olphert,

Would you mind sending that screenshot of the webhook payload, just to make sure we’re on the same page? If it contains confidential information, you can send this to and reference this thread.


Hey @will.zoom, I’ve sent a screenshot of the splunk log to that email address.
The issue is that there is a user id (which can be used to track down the user) but not the user email being returned in the user.updated section.

Thanks @lauren.olphert! I’ve continued the conversation there.


Has anyone worked through any SSL certification issues while trying to export Zoom data into Splunk?

The Splunk App for Zoom, with the Webhook Only App create - fails with 500 errors and * warning: ignoring value of ssl.verifyhost

  • NSS error -5938
  • Closing connection #0
  • SSL connect error
    curl: (35) SSL connect error

Hey @andy.bean,

While this sounds to be a Splunk-related cert intricacy, have you had any luck checking out this error on stackoverflow or other forums? While not exactly the same, perhaps you’ll find something like this helpful:


Thanks Will - we changed the Port number and made a step forward but have not faced -
We tried jwt token option today, based on zoom guidelines


curl --request GET --url ‘’ --header ‘authorization: Bearer {eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOm51bGwsImlzcyI6IllLVTNJZ1lmUlBXZzF1dTNyaDNfNVEiLCJleHAiOjE2MDIwOTE4MjYsImlhdCI6MTYwMTQ4NzAyN30.vAUxwhu4stsopCMb76J3uQLV0CxYqN_UDpxE-yTv-sg}’ --header ‘content-type: application/json’

With response:

{“code”:124,“message”:“The Token’s Signature resulted invalid when verified using the Algorithm: HmacSHA256”}

Hey @andy.bean,

Are you having this issue if you test the request in Postman by copying the JWT token directly from your app in the marketplace? It sounds like there’s an issue with how you’re generating the token. Can you let me know if this thread helps:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.