Zoom webhook validation event missing app's clientid header

We are implementing webhook validation as documented here https://marketplace.zoom.us/docs/api-reference/webhook-reference/#validate-your-webhook-endpoint, the but validation event request does not contain the app’s clientid header like actual webook event request.
We use the clientid in the header to identify correct the Secret Token. This is needed because we support customer created apps in their zoom organization. Webhook event request header - https://marketplace.zoom.us/docs/api-reference/webhook-reference/#request-headers

Hi @rsahu
Thanks for reaching out to the Zoom Developer Forum and welcome to our community, I am happy to help here!

I believe this is the expected behavior, once you validate your endpoint, all the events will include the client ID in the headers

Hi @elisa.zoom ,
I am trying to find a way to handle multiple zoom apps webhook validation request.
How to differentiate webhook validation request to select correct secret token from databse.

Hi @elisa.zoom , Do you have any update.

Hi @rsahu
I see. If I understand this correctly, you would have to set up independent validations for your apps

Here is a link to our sample app that demonstrates how to implement the URL validation:

Hope this helps,

I don’t think this is what he’s asking, and we have the same issue… We have two apps on the Zoom marketplace that have the same functionality using the same webhook endpoints, except one is an account level app and the other is a user level app. We need the client id to be passed to determine which secret token we should use in validating the webhook endpoint. While the documentation says that clientid will be present in the request header, it isn’t in validation calls. This is a bug that needs to be fixed.

@rsahu Our workaround at the moment is to rely on the verification code passed in the Authorization header. This is not ideal, as verification codes will be deprecated in October 2023, but this is currently the ONLY way one can identify which app is requesting the validation. This should be a simple fix for Zoom to implement honestly, so would definitely appreciate if @elisa.zoom could bring visibility to the issue. Thanks!

Thank you for chiming in here @berk
I will pass this feedback along with my team and will come back with updates