Webhook endpoint url is not validating it is throwing error

marc.moreno · August 24, 2023, 5:26am

When we are validating the webhook endpoint in PHP it throws the error, the return type is invalid but we are returning the correct JSON object as per the endpoint validation documentation.

We are using below PHP code to validate the webhook endpoint URL:-

$body = file_get_contents(‘php://input’);
$params = json_decode($body, true);
$plainToken = $params[‘payload’][‘plainToken’];
$secretToken = “SECRET_TOKEN”;
$message = $plainToken;
$secretTokenByte = utf8_encode($secretToken);
$messageBytes = utf8_encode($message);
$hashmessage = hash_hmac(“sha256”, $messageBytes, $secretTokenByte, true);
$hexMessage = implode(“”, array_map(function ($x) {
return sprintf(“%02x”, $x);
}, unpack(“C*”, $hashmessage)));
$response = [
“plainToken” => $plainToken,
“encryptedToken” => $hexMessage
];
return json_encode($response);

marc.moreno · September 6, 2023, 1:02pm

Please help us regarding the above issue.

Also, we have checked the code multiple times as per the webhook validation documentation

elisa.zoom · September 8, 2023, 3:09pm

Hi @marc.moreno
Thanks for reaching out to us
Have you taken a look at our sample app here:

github.com

zoom/webhook-sample/blob/master/index.js#L31


      
          console.log(req.body)
          
          // construct the message string
          const message = `v0:${req.headers['x-zm-request-timestamp']}:${JSON.stringify(req.body)}`
          
          const hashForVerify = crypto.createHmac('sha256', process.env.ZOOM_WEBHOOK_SECRET_TOKEN).update(message).digest('hex')
          
          // hash the message string with your Webhook Secret Token and prepend the version semantic
          const signature = `v0=${hashForVerify}`
          
          // you validating the request came from Zoom https://marketplace.zoom.us/docs/api-reference/webhook-reference#notification-structure
          if (req.headers['x-zm-signature'] === signature) {
          
            // Zoom validating you control the webhook endpoint https://marketplace.zoom.us/docs/api-reference/webhook-reference#validate-webhook-endpoint
            if(req.body.event === 'endpoint.url_validation') {
              const hashForValidate = crypto.createHmac('sha256', process.env.ZOOM_WEBHOOK_SECRET_TOKEN).update(req.body.payload.plainToken).digest('hex')
          
              response = {
                message: {
                  plainToken: req.body.payload.plainToken,
                  encryptedToken: hashForValidate

It looks like you are probably missing the validating the signature step

marc.moreno · September 14, 2023, 2:09am

Hi Elisa,

Thank you. as per my developer “=> We have validated the signature as Zoom support suggested, But we are getting the same error when validating the webhook, So kindly ask to Zoom support team why we are getting the “Invalid return type” error” could you please advise? Thank you!

elisa.zoom · September 14, 2023, 2:08pm

Thanks @marc.moreno
Can you ask your developer to look at the sample app I shared and run it locally and try to replicate the code on php

marc.moreno · September 15, 2023, 4:51am

Thank you so much. I will tell them that.

system · September 22, 2023, 5:58pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Topic		Replies	Views
What's wrong with my PHP code to validate Webhook Endpoint? API and Webhooks webhooks	2	626	February 9, 2024
Issue with Webhook Validation API and Webhooks webhooks	2	577	March 6, 2024
Facing issue while Validating WebHook to my URL in PHP API and Webhooks	1	441	June 5, 2023
Webhook validation fails for php code API and Webhooks webhooks	7	995	March 12, 2024
Unable to validate URL for Webhook API and Webhooks webhooks	0	400	June 29, 2023

Webhook endpoint url is not validating it is throwing error

Related Topics