Verify zoom webhook failed

letuan1999v5 · July 10, 2024, 7:09am

I’m trying to use zoom webhook to take the create and end meeting event by using PHP.
I have a trouble of verifying request from zoom.

According to the instruction of this document [Using webhooks ], the hash string is the combination of [v0]:[x-zm-request-timestamp]:[request-body].

My zoom request header:

My zoom request header timestamp:

$XZmRequestTimestamp = $headers['XZmRequestTimestamp'];

My string before hash:

$original_string = 'v0:' .$XZmRequestTimestamp .':' .json_encode($zoom_request_data);

The original string looks like this:

My secret token:

My hash string:

$hash_string = hash_hmac('sha256', $original_string, $credential['zoom_secret_token']);

But the hash string (after prepending v0=) is not match with the header XZmSignature from the request.

Please tell me if there is anything wrong. Thank you so much.

helpdesk3 · July 10, 2024, 7:36pm

Getting the same error! Signature and the req.headers[x-zm-signature] are different

gianni.zoom · July 10, 2024, 7:50pm

Hi @helpdesk3 @letuan1999v5 given you are both seeing this, I am going to message you directly for the following info.

Respond to my private message (you’ll see in your notifications) with the following:

gianni.zoom · July 23, 2024, 8:09pm

Hi @helpdesk3 I followed up with you via private message, still waiting to hear back.

gianni.zoom · August 11, 2024, 3:57pm

Working through some issued with developer’s account – unable to verify through support system.

Topic		Replies	Views
Verifying Zoom webhook events with Laravel/PHP/hash_hmac API and Webhooks	3	1308	April 2, 2024
Unable to verify zoom's web hook request with Zoom's header API and Webhooks webhooks , recording	16	761	July 18, 2024
Verificacion Zoom Header, Webhook API and Webhooks webhooks	5	396	October 16, 2023
Python webhook validation API and Webhooks	2	688	July 7, 2024
X-zm-signature & x-zm-request-timestamp are missed in deauthorization webhook API and Webhooks webhooks	6	1547	August 26, 2023