Validate your webhook endpoint in WordPress

API and Webhooks
1

Hi,
i need help to validate the event notification endpoint URL for a Webhook only app in WordPress, so with PHP code
https://marketplace.zoom.us/docs/api-reference/webhook-reference/#validate-your-webhook-endpoint

my code :

add_action( 'rest_api_init', function () {

    register_rest_route( 'zoom/v1', '/webinar/registration', array(
        'methods' => 'POST',
        'callback' => 'zoom_registration',
        'permission_callback' => function() { return true; }
    ) );

} );

function zoom_registration( WP_REST_Request $request ){
    $parameters = $request->get_params();
    if( 'endpoint.url_validation' == $parameters['event'] ):
        $response = zoom_url_validate( $parameters );
        return new WP_REST_Response( $response, 200 );
    endif;
    return false;
}

function zoom_url_validate( $parameters ){
    $plainToken = $parameters['payload']['plainToken'];
    $encryptedToken = hash_hmac( 'sha256', $plainToken, ZOOM_SECRET_TOKEN, false );
    $hashForValidate = $encryptedToken;
    $return = ["plainToken" => $plainToken, "encryptedToken" => $hashForValidate ];
    $response = json_encode( $return );
    return $response;
}

Error in Zoom marketplace Apps
URL validation failed. Try again later.

2

Hey @bmahot

Could you print out what this function returns, you should be returning something that looks like this:

 response.json({
    "plainToken": request.body.payload.plainToken,
    "encryptedToken": hashForValidate
  })

This is an example in node.

Also I would check that your hashForValidate and encyptedToken do match.

Thanks!

3

thanks for your help,

this is the parameters i receive :

Array
(
    [payload] => Array
        (
            [plainToken] => Yha30ltKQ5umDj64hxvm7Q
        )

    [event_ts] => 1672994909086
    [event] => endpoint.url_validation
)

this is the JSON response :

{"plainToken":"Yha30ltKQ5umDj64hxvm7Q","encryptedToken":"eaef0c687cb91968e06f33d059e924e367700e9466e08c3922d269a8bfd4f8aa"}

and this is what i send in response :

WP_REST_Response Object
(
    [data] => {"plainToken":"Yha30ltKQ5umDj64hxvm7Q","encryptedToken":"eaef0c687cb91968e06f33d059e924e367700e9466e08c3922d269a8bfd4f8aa"}
    [headers] => Array
        (
        )

    [status] => 200
    [links:protected] => Array
        (
        )

    [matched_route:protected] => 
    [matched_handler:protected] => 
)
4

@bmahot hope you will be fine.

Here is the working solution for WP :point_down:

add_action('rest_api_init', function () {

    register_rest_route('/api/zoom/', '/events', array(
        'methods' => 'POST',
        'callback' => 'zoom_events',
        'permission_callback' => function () {
            return true; }
    ));

});

function zoom_events(WP_REST_Request $request)
{
    $parameters = $request->get_params();
    if ('endpoint.url_validation' == $parameters['event']):
        $response = zoom_url_validate($parameters);
        return new WP_REST_Response($response, 200);
    endif;
    return false;
}

function zoom_url_validate($parameters)
{
    $plainToken = $parameters['payload']['plainToken'];
    $encryptedToken = hash_hmac("sha256", $plainToken, "Your-Secret-Token");
    return ["plainToken" => $plainToken, "encryptedToken" => $encryptedToken];
}

Any query still please ask. Thanks

1 Like
5

@bmahot You have problem here :point_up_2: no need to json_encode.

1 Like
6

@freelancer.nak great thanks ! it’s working now

1 Like
7

@bmahot Great. Welcome & Thanks :slight_smile:

8

@bmahot @freelancer.nak
Hi,
I am dealing with the webhook validation on wordpress too.
I usually work with webhooks smoothly but I am struggling with the zoom validation step here.

Would you please tell me how to make this solution for wp work?
Is it ok to add it in functions.php?

I usually set a webhook with uncanny automator (a plugin that can receive webhooks), that receives and transform data as I need.
So the url webhook to set in the zoom webhookonly app is defined by uncanny automator.

Does this function “intercept” and anwser to any webhook received to the website domain?
Or is there a place to write the specific url webhook?

Thank you :slightly_smiling_face:

9

hello , i have the same issue and i also try to copy and paste that solution and didnt work

this is my code

add_action('rest_api_init', function () {
    register_rest_route('/api/zoom', '/videoZoomAPI', array(
        'methods' => 'POST',
        'callback' => "zoomToApi2",
        'permission_callback' => function () {
            return true; }
    ));
});

function zoomToApi2(WP_REST_Request $data){
    $event = $data->get_param('event');
    $parameters = $data->get_params();

    if($event === 'endpoint.url_validation') {
        $ZOOM_WEBHOOK_SECRET_TOKEN = 'ZFSt84hPRrqMA4whJXvHlQ';

        $response = zoom_url_validate($parameters,$ZOOM_WEBHOOK_SECRET_TOKEN);

    }
    return new WP_REST_Response($response, 200);
}
function zoom_url_validate($parameters,$ZOOM_WEBHOOK_SECRET_TOKEN)
{
    $plainToken = $parameters['payload']['plainToken'];
    $encryptedToken = hash_hmac("sha256", $plainToken, $ZOOM_WEBHOOK_SECRET_TOKEN);
    return ["plainToken" => $plainToken, "encryptedToken" => $encryptedToken];
}

i add in my functions.php