Verifying Webhook events

usertestdelete92 · January 30, 2023, 11:40am

As we are Working on using event Subscriptions for our App, we came across a problem. While verifying webhook events in our side the hashed value from the constructed message and the header signature x-zm-signature does not match.

But while validating the endpoint url during initialising event subscriptions the function runs correctly and our endpoint url got validated. We have done the procedures correctly as mentioned but the signature and hashed values are not the same.

We have looked through the devforum and One user has mentioned about serialization/deserialization of
an object. We are having the same problem here. Can you please look onto it.

We are not using Node.js for validation functions, we are validating it in the backend, and so we are using Java for validating the request.

Looking for your Reply.

MaxM · January 31, 2023, 12:57am

Are you able to share the Java code that you are using to match the signature?

Also, just to make sure that we are on the same page, you can use this code sample to validate your webhook.

usertestdelete92 · February 2, 2023, 8:34am

Hi @MaxM .

Thank you for the reply.

Actually we have rectified the problem by ourselves. When we read the request body, the output will be in bytes then converted to String and then we have to convert it into a JSONObject. And that’s when the order of the details changes(In the JSON), but when we print the String that we get from the bytes conversion, it will be in the right order so we just used the String instead of using the converted String of the JSON(JSON.toString()). See below for better explaination.

String converted from bytes:

{
  "event": "session.started",
  "payload": {
    "account_id": "{ACCOUNT_ID}",
    "object": {
      "start_time": "2022-07-27T16:56:34Z",
      "id":"{SESSION_ID}"
    }
  },
  "event_ts": 1658940994914
}

JSON converted from that String:

{
  "payload": {
    "account_id": "{ACCOUNT_ID}",
    "object": {
      "id":"{SESSION_ID}",
      "start_time": "2022-07-27T16:56:34Z"
    }
  },
  "event_ts": 1658940994914,
  "event": "session.started"
}

Anyways Thanks for the help.

jchavezb · September 22, 2023, 6:40pm

{SESSION_ID} : este valor de donde lo saco ?

usertestdelete92 · February 1, 2024, 6:34am

You will get it in the payload itself.

Topic		Replies	Views
Event notification endpoint URL - URL validation failed. Try again later Webhook Only App Webinars	22	4860	November 16, 2023
Webhook verification not well defined API and Webhooks	4	490	August 29, 2023
Having Trouble Validating Webhook API and Webhooks	8	1139	February 21, 2024
webhook validate in spring boot API and Webhooks webhooks	0	407	June 22, 2023
Verify Deauthorization event - signature issue API and Webhooks	3	349	January 5, 2024

Verifying Webhook events

Related Topics