What is happening to the webhooks?
We are changing the way webhooks are verified and validated by Zoom. As of February, 3rd, 2024, any previously unvalidated webhooks will have to go through the validation process. Verification will now be done through the `x-zm-signature` header and make use of the `secret token` instead of the `verification token`. Please refer to the verification process for more information.
Didn’t we make a change to webhook validation last year?
Yes. We implemented the header authorization and the validation process last year but it was optional. If a developer didn’t update their webhooks, the old methods would continue to work. As of February 3rd, 2024, all webhooks must be updated to use the secret token value and go through the validation process.
What if I want to add/remove events from an unvalidated webhook?
Up until February 3rd, 2024 developers can alter the events they subscribe to without having to change the webhook authorization or go through the validation process.
Developers DO NOT have to validate their webhooks before February 3rd, 2024 if:
- They alter the events that the webhook subscribes to; and
- They DID NOT change the webhook URL
What if I need help implementing this change?
You can reach out to our developer advocates via the developer’s forum or drop by our developer open hours.