Validate your webhook endpoint in WordPress

i need help to validate the event notification endpoint URL for a Webhook only app in WordPress, so with PHP code

my code :

add_action( 'rest_api_init', function () {

    register_rest_route( 'zoom/v1', '/webinar/registration', array(
        'methods' => 'POST',
        'callback' => 'zoom_registration',
        'permission_callback' => function() { return true; }
    ) );

} );

function zoom_registration( WP_REST_Request $request ){
    $parameters = $request->get_params();
    if( 'endpoint.url_validation' == $parameters['event'] ):
        $response = zoom_url_validate( $parameters );
        return new WP_REST_Response( $response, 200 );
    return false;

function zoom_url_validate( $parameters ){
    $plainToken = $parameters['payload']['plainToken'];
    $encryptedToken = hash_hmac( 'sha256', $plainToken, ZOOM_SECRET_TOKEN, false );
    $hashForValidate = $encryptedToken;
    $return = ["plainToken" => $plainToken, "encryptedToken" => $hashForValidate ];
    $response = json_encode( $return );
    return $response;

Error in Zoom marketplace Apps
URL validation failed. Try again later.

Hey @bmahot

Could you print out what this function returns, you should be returning something that looks like this:

    "plainToken": request.body.payload.plainToken,
    "encryptedToken": hashForValidate

This is an example in node.

Also I would check that your hashForValidate and encyptedToken do match.


thanks for your help,

this is the parameters i receive :

    [payload] => Array
            [plainToken] => Yha30ltKQ5umDj64hxvm7Q

    [event_ts] => 1672994909086
    [event] => endpoint.url_validation

this is the JSON response :


and this is what i send in response :

WP_REST_Response Object
    [data] => {"plainToken":"Yha30ltKQ5umDj64hxvm7Q","encryptedToken":"eaef0c687cb91968e06f33d059e924e367700e9466e08c3922d269a8bfd4f8aa"}
    [headers] => Array

    [status] => 200
    [links:protected] => Array

    [matched_route:protected] => 
    [matched_handler:protected] => 

@bmahot hope you will be fine.

Here is the working solution for WP :point_down:

add_action('rest_api_init', function () {

    register_rest_route('/api/zoom/', '/events', array(
        'methods' => 'POST',
        'callback' => 'zoom_events',
        'permission_callback' => function () {
            return true; }


function zoom_events(WP_REST_Request $request)
    $parameters = $request->get_params();
    if ('endpoint.url_validation' == $parameters['event']):
        $response = zoom_url_validate($parameters);
        return new WP_REST_Response($response, 200);
    return false;

function zoom_url_validate($parameters)
    $plainToken = $parameters['payload']['plainToken'];
    $encryptedToken = hash_hmac("sha256", $plainToken, "Your-Secret-Token");
    return ["plainToken" => $plainToken, "encryptedToken" => $encryptedToken];

Any query still please ask. Thanks

@bmahot You have problem here :point_up_2: no need to json_encode.

@freelancer.nak great thanks ! it’s working now

1 Like

@bmahot Great. Welcome & Thanks :slight_smile:

@bmahot @freelancer.nak
I am dealing with the webhook validation on wordpress too.
I usually work with webhooks smoothly but I am struggling with the zoom validation step here.

Would you please tell me how to make this solution for wp work?
Is it ok to add it in functions.php?

I usually set a webhook with uncanny automator (a plugin that can receive webhooks), that receives and transform data as I need.
So the url webhook to set in the zoom webhookonly app is defined by uncanny automator.

Does this function “intercept” and anwser to any webhook received to the website domain?
Or is there a place to write the specific url webhook?

Thank you :slightly_smiling_face: