Zoom Webhook Signature Verification Failing in Python 3 but Working in Python 2

kathir · March 4, 2025, 12:40pm

I am working on verifying Zoom webhooks in both Python 2 and Python 3 within a Django application. My verification logic works correctly in Python 2, but when running the same code in Python 3, the generated hash does not match X-ZM-SIGNATURE from Zoom’s webhook headers.

Observed Behavior

Python 2: The computed HMAC SHA256 signature matches the one sent in the Zoom header (X-ZM-SIGNATURE).
Python 3: The computed signature is different from the one Zoom sends, causing verification to fail.

Code Snippet for Signature Verification

def generate_zoom_webhook_signature(zoom_webhook_secret, request_body, event_ts):
    message = "v0:{}:{}".format(event_ts, request_body)
    return "v0={}".format(create_hmac(zoom_webhook_secret, message, hashlib.sha256))

def create_hmac(key, message, algorithm=hashlib.sha512, digest="hex"):
    encoded_data = hmac.new(
        six.ensure_binary(key, encoding="utf-8"), six.ensure_binary(message, encoding="utf-8"), algorithm
    )
    if digest == "hex":
        return encoded_data.hexdigest()
    if digest == "byte":
        return encoded_data.digest()
    return encoded_data

Topic		Replies	Views
Can't find correct documentation on webhook validation API and Webhooks webhooks	1	31	December 24, 2024
Signature Verification Issue with Webhook API and Webhooks	5	872	May 13, 2024
Invalid signature - python 3 API and Webhooks	7	1317	February 27, 2024
Unable to verify zoom's web hook request with Zoom's header API and Webhooks webhooks , recording	16	904	July 18, 2024
Verify zoom webhook failed API and Webhooks	6	161	December 6, 2024

Zoom Webhook Signature Verification Failing in Python 3 but Working in Python 2

Observed Behavior

Related topics