Verify zoom webhook failed

I’m trying to use zoom webhook to take the create and end meeting event by using PHP.
I have a trouble of verifying request from zoom.

According to the instruction of this document [Using webhooks ], the hash string is the combination of [v0]:[x-zm-request-timestamp]:[request-body].

My zoom request header:

My zoom request header timestamp:

$XZmRequestTimestamp = $headers['XZmRequestTimestamp'];

My string before hash:

$original_string = 'v0:' .$XZmRequestTimestamp .':' .json_encode($zoom_request_data);

The original string looks like this:

My secret token:

My hash string:

$hash_string = hash_hmac('sha256', $original_string, $credential['zoom_secret_token']);

But the hash string (after prepending v0=) is not match with the header XZmSignature from the request.

Please tell me if there is anything wrong. Thank you so much.

1 Like

Getting the same error! Signature and the req.headers[x-zm-signature] are different

Hi @helpdesk3 @letuan1999v5 given you are both seeing this, I am going to message you directly for the following info.

Respond to my private message (you’ll see in your notifications) with the following:

  • email
  • client id
  • webhook endpoint
  • webhook signatures
  • screenshots of behavior
  • steps to reproduce