Unable to verify zoom event webhooks if body contains emojis

We have recently updated to the newly suggested event webhook verification strategy and now use the x-zm-signature header and construct a hash using the event body.

We have noticed that event verification is consistently failing for events where the request body contains user names with emojis. Most emojis cause problems, but some emojis (e.g. :white_check_mark:) don’t.

Please see an image of our logs here, all events that fail verification have this property in common.

In contrast, see logs for the rest of the events of this meeting, events are successfully validated if emojis are not present in the names (blue bars on the left show success status) here.

Constructed signature and signature sent in the x-zm-signature header are not equal only for these cases. It works fine for the rest of the events.

How To Reproduce
This is difficult to reproduce because Zoom does not allow adding any of the emojis shown above in the user name or display name any more. My understanding is that users that have emojis in their names are older accounts from a time this was not validated. The few emojis that are currently supported in names (e.g. :golf:,:v:,:white_check_mark:,:alarm_clock:,:hourglass: ) work fine.

Hi @tayyab
Thanks for bringing this to our attention.
I will make sure to look into this and share my findings with you.

Hey @elisa.zoom , any update here? Failing to verify these events affects our user experience as we are unable to detect the correct number of participants in the meeting.

Hey @tayyab
I have not been able to replicate this at all. I am not able to add any emojis to users names and I am having trouble replicating this

I will send you a private message @tayyab to exchange more information

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.