Hi @rahul.bhooteshwar
Thanks for reaching out to the Zoom Developer Forum, I am happy to help here!
So, let me just confirm if I am understanding correctly.
You are generating the signature to validate the webhook correctly (with the Zoom secret token), but this signature is invalid when these 3 scenarios are in place:
@elisa.zoom yes thatâs correct.
I am using exactly same code for verification.
It works fine all the times except the scenario mentioned.
I donât know if all those 3 conditions are responsible for the failure or just one of those (most probably user name with special characters).
I guess it is not applicable for our internal users as their names are proper alphabetical words & contains no emojis. But external meeting participants have their choice of names (containing these emojis).
Please let me know if anything else is needed from my side.
This is a critical issue for our integrations. Please help.
Hi @rahul.bhooteshwar
Thank you for your patience while I troubleshoot this on my end
Unfortunately, I have not been able to replicate this behavior.
I will go ahead and send you a private message so we can exchange more information
The python code we use for verification (Only the encoding part)
We use âensure_ascii=Falseâ in json.dumps to encode kanji and kana characters correctly
Hi @tech-zoom_zp
Thanks for reaching out to the Zoom Developer Forum, I am happy to help here! I have created an internal ticket (ZOOM- 506645) about this issue and will update you shortly
Bes,t
Elisa
Hi. I havenât gotten any answer yet. I had presumed that a solution you private mailed to Mr. Rahul Bhooteshwar could be used for our case, too. Is the situation so complicated?
Itâs stressful getting reminder emails to update webhook verification and always reminding the deadline to myself. Once I have the answer and be done with it, I can forget about the deadline altogether.
Hi @tech-zoom_zp
I totally understand your point.
I did not update the thread since I do not see any movement on the internal ticket I created.
I just re-engaged with the team and will push to get an answer soon.
Also, the dates for deprecation has been pushed to Februrary next year
Hi again @tech-zoom_zp
I heard back from our Engineering team and it looks like when the emoji is a Unicode string we support itâs validation. In the case of this emoji , my team was able to test and able to verify the webhook.
I tried on my end again, but un-successful.
Could you tell me what is wrong with my python code? It fails only when the request body includes an Unicode emoji.
Same here. Iâm getting signature mismatch error when data has a Spanish tilde accent mark in it. But in all other cases the signature matches. Hereâs my Python code:
Given that @ymnoor21 reports accent mark (as opposed to emoji), the difference probably lies in either of:
unicode normal form (composed vs decomposed), or
escaping JSON content
Ideally the hash should be computed over the raw request body, as opposed to parsed request JSON.
However that assumes Zoom computing the hash over exact request body thatâs sent out.
Perhaps Zoom folks could share the snippet of the code on their side, incl. runtime (python/nodejs/golang/etc.) and library (requests?httpx?fetch api?) versions? That would help.
With a bunch of smart developers in this forum, Iâm pretty sure this can be solved really fast with just a bit of raw data