I am reading the ## Verification Tokens in https://marketplace.zoom.us/docs/guides/authorization/credentials
It seems that the Verification Token is just a text string. Does it mean to verify it by just doing string comparison?
Also how this token be protected over the wire? How to we prevent the token is fished by some bad guy? Do we need to regenerate the token periodically for the sake of protection?
Also, we want to whitelist the Zoom URLs that posts the events to our endpoints. It is Zoom URL always ‘https://zoom.us’. If it is always, how we know the URLs in advance for whitelist configuration?
Thank you in advance for the help.