Webhook validation change using secret token versus Chat Bot Event Notification Validation?

API and Webhooks
1

Before Creating a New Topic:

There is considerable talk of webhook validation changes, and the need to use the secret token instead of the verification token approach after Aug/Oct .

I am assuming this change also applies to messages sent to chat bots, since messages sent to chat bots are also event notifications, which are similar to webhook events, and the chatbot messages also currently rely on the verification token.

However there has been little discussion on how that will be impacted…

Our chatbot does not use web hooks, but it does need a way to validate the inbound messages from Zoom.

Also is the annotation by zoom next to the Secret token configuration in the chat bot creation wizard correct ? See screen shot eblow. It seems to imply the secret token will be sent with each message? That would seem to defeat the security purpose.

However, if Zoom does intend to send it with each message, in which header will the secret token be found? We currently can not spot it in incoming messages to our chat bot. (We do see the verification token in the Authorization header)

image
image948×568 61.9 KB

Format Your New Topic as Follows:

API Endpoint(s) and/or Zoom API Event(s)
Link the API endpoint(s) and/orZoom API Event(s) you’re working with to help give context.

Description
Details on your question, workflow or the problem you’re trying to solve.

Error?
The full error message or issue you are running into, where applicable.

How To Reproduce
Steps to reproduce the behavior:
1. Request URL / Headers (without credentials or sensitive info like emails, uuid, etc.) / Body
2. Authentication method or app type
3. Any errors