Zoom Webhook Validation in n8n

AlexBenti · December 27, 2024, 7:40pm

Hi guys, I’m pretty new here.

for the zoom webhook I saw some posts here but they are either old or not resolved so I’m here asking for help.

I need to set up a zoom webhook app in order to extrapolate the transcript of my calls but in the webhook app setup in zoom I get the error validating the url: URL validation failed. Try again later.

I’m using n8n cloud

Sorry, I’m not sure how I can share my actual workflow.

I need some updated procedure to make it work

Thanks

n8n · December 27, 2024, 7:40pm

It looks like your topic is missing some important information. Could you provide the following if applicable.

n8n version:
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:

ihortom · December 27, 2024, 8:34pm

Welcome to the community @AlexBenti !

Tip for sharing information

Pasting your n8n workflow

Ensure to copy your n8n workflow and paste it in the code block, that is in between the pairs of triple backticks, which also could be achieved by clicking </> (preformatted text) in the editor and pasting in your workflow.

```
<your workflow>
```

That implies to any JSON output you would like to share with us.

Make sure that you have removed any sensitive information from your workflow and include dummy or pinned data with it!

I do not have Zoom account but I found my old notes I recorded related to Zoom webhook validation in the days when I have set up the integration (a few years ago though). Hopefully they are still helpful.

Zoom requires you to manually trigger webhook validation when you add a new webhook or make changes to an existing one. Subsequently, Zoom automatically revalidates webhooks every 72 hours.

Zoom uses a challenge-response check (CRC) for webhook validation. When a CRC occurs, Zoom makes a POST request to your endpoint with a challenge request body. After your endpoint receives the request, your app needs to respond with the challenge response within 3 seconds.

To trigger the initial CRC validation, click Validate under the Event Notification Endpoint URL on the Feature page for your app. See Revalidation for revalidation details.

Unsuccessful delivery

For any unsuccessful notification deliveries, Zoom attempts to deliver the webhook three times:

The first attempt is sent five minutes after the initial delivery attempt.

A second attempt is sent 30 minutes after the first attempt.

A third attempt is sent 90 minutes after the second attempt.

If a 200 or a 204 response is received after any retry attempt, then Zoom considers the notification was successfully delivered.

However, if Zoom does not receive a 200 or a 204 response after three attempts, then no further webhooks for that event will be sent.

See the following steps to implement the challenge-response check flow.

Receive the challenge (webhook request body)

Here’s an example:

{
   "payload": {
      "plainToken": "qgg8vlvZRS6UYooatFL8Aw"
   },
   "event_ts": 1654503849680,
   "event": "endpoint.url_validation"
}

Hash the plainToken

Once you receive the request body, create a HMAC SHA-256 hash. Set your webhook’s secret token as the secret (salt), and the plainToken value as the string to hash. Output in hex format.
Create the response JSON object

Create a JSON object with a key of "plainToken" with a value of the plainToken from the request body, and a key of "encryptedToken" with a value of the hashed plainToken. For example:
```
{
   "plainToken": "qgg8vlvZRS6UYooatFL8Aw",
   "encryptedToken": "23a89b634c017e5364a1c8d9c8ea909b60dd5599e2bb04bb1558d9c3a121faa5"
}
```
Respond with the response JSON object

Respond with the response JSON within 3 seconds with a 200 or 204 HTTP response code.

See Zoom webhoook sample: webhook-sample/index.js at master · zoom/webhook-sample · GitHub

AlexBenti · December 27, 2024, 8:47pm

Hi @ihortom,
thank you very much for that.

I think that’s what I’ve actually done.

I share my workflow here:

ihortom · December 27, 2024, 8:53pm

Looks like you are on the right track. Remember that Zoom automatically revalidates webhooks every 72 hours. That means you need to distinguish endpoint.url_validation event and reply back to Zoom. Otherwise your Zoom webhook will gets automatically deactivated.

AlexBenti · December 27, 2024, 8:57pm

Thanks man,
I’m happy to be on the right track but it’s not working

I actually followed the steps from this thread Zoom OAuth App Webhook Validation - Creating HMAC SHA-256

But there is something missing

Anyone fixed this?

AlexBenti · December 27, 2024, 10:57pm

I managed to validate the url

here is my workflow:

Kevin_Chavez · May 19, 2025, 10:38am

THANK YOU!!! This saved my butt!

AlexBenti · May 19, 2025, 10:35pm

if you need help just let me know, it made me crazy but I won