Verificacion Zoom Header, Webhook

Actualmente realizamos la actualización de validacion y verificacion de los WebHook de Zoom, donde nos percatamos que los datos x-zm-signature y x-zm-request-timestamp que deberian venir en el header de los webhook segun la documentacion mencionada acontuacion Using webhooks no siempre estan llegando. Provocando que a la hora de verificar los webhook usando las cabeceras de Zoom (Zoom’s Header) falle, desconocemos si esta intermitencia de datos es un error o se debe a alguna información que no está presente en la documentación.

  1. Se inicia una reunion de Zoom
  2. Zoom envía Webhook hacia los Servidores PUCV
  3. Tratamos de obtener los datos x-zm-signature y x-zm-request-timestamp
  4. Los valores vienen en null
  5. No podemos autentificar la procedencia del Webhook


Thank you for reaching out. From what I understand, after validating your endpoint, you’re receiving events for a limited period and then they cease. Is that correct?

If this is the situation, please note that our system requires you to verify the webhook endpoint every 72 hours. If the challenge isn’t acknowledged appropriately, it might lead to disruptions in receiving the events.

is not correct, we have not stopped receiving the webhook events. What happens is that we are not receiving all the data to verify the origin of the webhook events, using the Zoom header verification. Link to the documentation Using webhooks

The data that we are not receiving constantly or intermittently are the variables x-zm-signature and x-zm-request-timestamp. Which are necessary to form the hash and validate the origin of the webhook.

thanks for the help

Thank you for posting in the Zoom Developer Forum, @software.dsic ! I’m happy to help. Based on the information you provided, it seems like you are not consistently or intermittently receiving the variables x-zm-signature and x-zm-request-timestamp. Is that correct? Could you provide more details about when you are seeing these variables and when you are not? Additionally, could you share an example webhook payload so that I can take a look at it?

If correct, it usually occurs with webhooks that send meeting start data or account changes in Zoom. Example:

  1. A Zoom meeting starts
  2. Zoom sends the webhook to our servers
  3. we try to get the data from x-zm-signature and x-zm-request-timestamp
  4. Php throws the error that this data does not come in the request header array.
  5. We cannot generate hashes to validate the origin of the webbooks because there is missing data.

I attach images of the errors and an example of a webhook payload.

Thanks for the reply

I can’t attach images from the payload webhook

@software.dsic sorry for the delay on this…

here is a sample code for custom header validation :

I am also dming you with a link to schedule a meeting with me to go over this.