Description/Error
Could you tell us the Vendor IP range when alerts are sent to our APIs via Zoom webhook?
For security purposes, we would like to limit the requests to our API from specific IP range if possible
Which Endpoint/s or App Types
From Zoom Webhook, we can subscribe the events to our specific API endpoint.
Hey @subhadra.ponnada,
Have you tried validating against the “Verification Token” on your apps Features page?
This token is sent with every Webhook request so you know it is coming from Zoom.
Let me know if this helps!
Thanks,
Tommy
Tommy,
Thanks for the response. We are already checking the verification token. However, our security team wants to add additional check on top of this to ensure that no one else is sending the same token from an unknown IP range.
Is it possible to know what IP range the webhook request is sent from?
Hey @subhadra.ponnada, happy to help!
You can grab the IP from the request in your API/Server. Here is an example of how to do it with Node.js,
Thanks,
Tommy
Thanks Tommy. I am not sure if my question is clear. It is not about finding the IP address of the current request.
This is about knowing the entire IP address range from where the request can come from.
That way when we check the IP address of the current request, we know that this is in the valid range and we allow the request to pass through.
Hey @subhadra.ponnada,
Our IPs are dynamic and can change at anytime. The best way right now is to use the verification token, and if you think it is compromised, you can Regenerate it.
Thanks,
Tommy
Yes so I want to test that verification token with header authorization just I want to know is there is in signature in header? or something with that I can match this?