I’m trying to make a Webinar Webhook that will trigger my Power Automate when a Webinar is created. I created a Power Automate with an HTTP trigger that is set to allow anyone to trigger it. I then created a Webhook in Zoom and put in the endpoint of my Power Automate. When I click validate, it gives me “URL validation failed. Try again later.”. I found a similar post on this forum where someone said they got it to work by using “Custom Header” in the Webhook so I switched to that and get the same validation error, HOWEVER my Power Automate is successfully triggered. My Power Automate also returns a 200 response which the Zoom Webhook documentation states to do. I even tried 204 as well and both still give me a validation error.
There are two security features in the Zoom platform that are specific to webhooks. One is called “Validate your endpoint” and the other is called “Verify events”.
“Verify events”: this feature allows you at the receiving end of the webhook to verify that the message you received is legitimate and indeed came from the Zoom platform. There are a few ways to configure this security feature, one of which by way of “Custom Header”. This is most likely what you were referring to when you said `I found a similar post on this forum where someone said they got it to work by using “Custom Header” in the Webhook`. This verification process is totally optional. You implement it if and only if you want to protect yourself from receiving invalid/malicious messages. I highly doubt this is the problem you are facing at the moment.
“Validate your endpoint”: this feature is very much mandatory and I believe much more likely to be the cause of the problem you are facing. Zoom implemented this feature to ensure they are sending messages to an endpoint that is listening for Zoom webhook messages and avoid needlessly sending messages when the receiving end is not designed to accept Zoom messages.
Let me expand a little bit on how the “Validate your endpoint” feature works:
When you setup webhooks in your Zoom account, the Zoom platform will send what they call a “challenge-response check (CRC)” and your platform is expected to respond in a specific manner and my guess is that the Power Automate platform simply responds with a HTTP 200 but it does not include the expected payload (keep in mind that I am not familiar with Power Automate, so take what I say with a grain of salt). This process and the specific content your response to the CRC message should contain is explained in more details here: Using webhooks
All this to say that I believe the flow is something like this:
You configure webhooks to be sent to a Power Automate URL
You click the “Validate” button
A CRC is sent to your Power Automate URL
Power Automate receives this message (you said Power Automate was successfully triggered, that’s what leads my to believe the CRC message is sent and successfully received)
Power Automate responds with a simple HTTP 200 but without the mandatory payload
Zoom checks the response and determines the body of the response does not include the expected payload and therefore, the URL is deemed to be invalid. No further webhooks messages will be sent to this URL.