Verify zoom webhook failed

I’m trying to use zoom webhook to take the create and end meeting event by using PHP.
I have a trouble of verifying request from zoom.

According to the instruction of this document [Using webhooks ], the hash string is the combination of [v0]:[x-zm-request-timestamp]:[request-body].

My zoom request header:

image1105×89 18.2 KB

My zoom request header timestamp:

$XZmRequestTimestamp = $headers['XZmRequestTimestamp'];

My string before hash:

$original_string = 'v0:' .$XZmRequestTimestamp .':' .json_encode($zoom_request_data);

The original string looks like this:

image1164×95 10.6 KB

image741×116 12.5 KB

My hash string:

$hash_string = hash_hmac('sha256', $original_string, $credential['zoom_secret_token']);

But the hash string (after prepending v0=) is not match with the header XZmSignature from the request.

Please tell me if there is anything wrong. Thank you so much.

Getting the same error! Signature and the req.headers[x-zm-signature] are different

Hi @helpdesk3 @letuan1999v5 given you are both seeing this, I am going to message you directly for the following info.

Respond to my private message (you’ll see in your notifications) with the following:

• email
• client id
• webhook endpoint
• webhook signatures
• screenshots of behavior
• steps to reproduce

Hi @helpdesk3 I followed up with you via private message, still waiting to hear back.

Working through some issues with developer’s account – unable to verify through support system.

was there a resolution to this? I’m running into this now as well.

I have used Authentication Header Option instead.