Zapier and New Webhook Authentication

I received an email about the new Zoom webhook authentication procedures. It sounds like all webhooks need to be switched over to use the new authentication methods, otherwise they will stop working in October 2023.

I’ve been sending a few webhooks to Zapier (mainly for Webinar registrations and for Participant/Host joined webinar). The Participant/Host joined webinar hook does not appear to be available in the Zoom Zapier app, so I can’t switch to use the Zapier app instead.

How do I go about setting up the new authentication in Zapier to make sure my Zoom webhooks continue to work?

I found this previous closed post, which makes it sound like Zoom webhooks will no longer work with Zapier: Webhook zapier validation - #14 by james.petty714. Is that really true? If so, that’s very unfortunate, since we rely on Zoom webhooks to pass data to our other systems.

Does anyone have any information about how to make sure Zoom webhooks through Zapier will continue to work with the new authentication requirements?

@elisa.zoom I see you responded to the post I linked to say that there were no updates as of February 2023. Do you know if there have been updates since that time?

Hi @zk12345
I do not have an update on this but let me reach out to the Zapier team again

Okay, thanks @elisa.zoom. Hopefully, they will have an update.

If they can’t support the new authentication, what are my options from the Zoom side? Any workarounds or alternatives to the new authentication? I saw that we can ask to have custom authentication turned on, but I think that might run into the same issues as Zoom’s standard authentication.

This change takes effect for all webhooks starting October 2023, correct? I assume that if we make no change, the webhooks will stop working?

Someone on the other thread suggested looking into Integromat/Make instead of Zapier, so I guess I’ll try to do that, though it would be a hassle to switch platforms.

Hi @elisa.zoom , do you have any updates on this? I have several Webhook Only apps with Zapier:

  1. when someone registers
  2. when someone joins
  3. when a new recording is ready

As Katherine asked: if we make no change, will the webhooks stop working in October?

Appreciate any suggestions you have on how to prepare for: ‘Verification Token (Retires in October 2023)’

Thank you!

I finally reached out to Zapier support directly and after a lot of frustrating back and forth, it basically sounds like it will stop working and there is no workaround.

If your trigger is a part of the Zapier Zoom app (I think participant registration is), you can use that instead and it will keep working. But, the other triggers used via a webhook only app and the Zapier Webhooks integration will not. They have it on the roadmap to add other triggers to the Zoom app, but it sounds like something Zapier has to code, not Zoom.

I did find this post:, which suggests that you might be able to build your own custom integration with Zoom via Zapier instead.

Note that the response that says “This has been addressed” apparently does not refer to the webhook validation issue, but something else. Took me a while to get Zapier support to confirm that and honestly they may or may not have given me correct information. The different agents I talked to didn’t seem to know what they were talking about.

I did try editing my Zoom webhook and then reauthorizing with Zapier, which I think is supposed to trigger the new Zoom webhook authentication. It worked, but I’m concerned that it will not continue to work in the future.

So, we’ve decided to switch to Make (formerly Integromat) instead for this. Their support says their connection should continue to work in October. We shall see.

Hope some of this additional information that I found helps, but if anyone else knows anything or if Zoom has an update directly that would be great to hear.

Hi @zk12345 ,

Thanks for reaching out to us. This is something that Zapier needs to handle on their end. As the email states, we will deprecate the verification token in october 2023.

This is weirdly frustrating. I’ve contacted Make support, Zapier Support, and Zoom support. Guess what? They all point the finger at someone else. Make and Zapier say to reach out to Zoom. Zoom says go back to the no code people. This isn’t a working solution.

More specifically, Make support said:

So that’s what I did. Zoom support said this:

Then silence for a few days. So I ask what’s up. Then Zoom says:

Then silence for a few days. So I ask what’s up. Then Zoom says:

Then silence for a few days. So I ask what’s up. No response. Then silence for a few days. So I ask what’s up. No response. So I initiated the escalate option. 15 minutes later I get this with a closed ticket.

And so, 19 days after I contacted Zoom, I’m starting over. Scratching my head, because what was support referring to on what they were working on this whole time when other people in the developer forum are basically saying “not Zoom’s problem.”

So I have no idea where to go from here. Best as I can tell, the No Code platforms can no longer be used with Zoom. Which means Zoom suddenly became less useful for a lot of people. And as of now, there’s no solution except a bunch of companies saying “that’s something the other guy needs to fix.”

I need the answer to not be an always-on server we need to maintain with custom development, because the no code option was being used by non-developers.

I’m appreciative of any suggestions on where to go from here, thanks!

Check out Pipedream. They have more Zoom triggers than Zapier, and they also allow for webhook validation.

Interesting, when I contacted Make support, they said they would support it.

Maybe the support person didn’t really understand what I was asking… I asked about the webhooks and they originally gave me instructions on how to create the webhooks.

I responded with “I can see that we can create the Zoom webhooks in Make, but the new authentication doesn’t take full effect until October 2023. Will the hooks that I’ve created now still work with the new authentication in the future?” (note: They’ve delayed the update until like February 2024 now).

Make support responded: “Yes, it should function properly. We keep track of changes to the platforms we support and do our best to stay up to date.”

My Zapier webhooks still seem to be working for the time being, so I’m sticking with them while they do, but maybe both won’t work in the future. Zoom said that to trigger the new authentication all you had to do was edit and save your webhooks, which I’ve done, and it didn’t break anything.

But, maybe they just aren’t enforcing anything until February. I certainly hope that one of these companies can figure something out… I will have to look into Pipedream. Thanks for the suggestion!

So I’m trying to give Pipedream a shot to make this work. (Really don’t want to have to move to another platform, but if this ends up working… so be it!)

Not surprisingly, I’m stuck.

Here’s where I’m at:

Setting up the trigger. It’s good and I’m able to get the initial data to send over to Pipedream:

The next step is supposed to be hashing the data and passing it back to Zoom for verification. And this is where I’m woefully unqualified to work it out. I assume I should be using node.js in pipedream to handle the custom header.

Screenshot 2023-12-04 at 5.20.41 PM

The documentation Zoom gives HERE says to reference the sample code HERE. So I assumed I would copy the code and drop it into the code section in the node.js step on Pipedream.

(Section removed because my assumptions were wrong on what to modify)

But running the test comes back with:

I apologize to all of the smarter people out there, but if you have a moment to point out where you think I went astray, it would be very much appreciated. Thank you kindly!

import { createHmac } from 'crypto'

export default defineComponent({
  async run({ steps, $ }) {

    if (steps.trigger.event.body.event === 'endpoint.url_validation') {
      const ZOOM_WEBHOOK_SECRET_TOKEN = 'yourToken';
      const hashForValidate = createHmac('sha256', ZOOM_WEBHOOK_SECRET_TOKEN).update(steps.trigger.event.body.payload.plainToken).digest('hex')
      await $.respond({
        immediate: true,
        status: 200,
        body: {
          "plainToken": steps.trigger.event.body.payload.plainToken,
          "encryptedToken": hashForValidate

      return $.flow.exit();

    } else {
      await $.respond({
        immediate: true,
        status: 200

Good gravy Marie! That did the trick Matt, my humble thanks to you! All that was needed was to swap out “your token” with the actual secret token from Zoom and I’m off to the races. A path forward! :slight_smile:

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.