For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Logo
DeveloperAcademyCommunityStatus
ReferenceGuides
ReferenceGuides
  • Agent Studio
    • Overview
    • Quickstart Guides
    • Core Concepts
    • Conversation Process
    • Actions
    • Connectors
    • System Triggers
      • Webhooks Triggers
        • Listener Configuration
        • Webhook Verification Challenge
        • Webhook Signature Verification
        • Webhook Example: Github
        • Webhook Example: Zoom
      • Scheduled Triggers
      • System Triggers Logs & Troubleshooting Guide
    • Agent Architect
    • Cookbooks
    • Development and Testing
    • AI Agent Marketplace
    • Developer Tools
  • Agentic AI
    • LLM Fundamentals
    • The Agentic Reasoning Engine
    • Memory Constructs
    • Conversational Context
    • Guardrails
    • Grounding and Hallucinations
    • Continuous Learning
    • LLMs & SLMs
    • Steerability Tools
    • Multilingual Support
  • Core Platform
    • User Identity
    • Moveworks Agent (On-Prem)
    • Approvals Engine
    • Entity Catalog
    • Moveworks Data Objects
    • Security Information and Event Management (SIEM) Logs Overview
DeveloperAcademyCommunityStatus
On this page
  • Quickstart
  • 1) Register the Webhook in Zoom
  • 2) Configure Verification in Agent Studio
  • For Verification Challenge
  • For Signature Verification
  • Zoom Documentation
Agent StudioSystem TriggersWebhooks Triggers

Webhook Example: Zoom

||View as Markdown|
Was this page helpful?
Edit this page
Previous

Scheduled Triggers

Next
Built with

Zoom webhooks notify your endpoint of events like meeting starts or ends. They require an initial URL validation challenge and support signature verification for events. This dual pattern teaches handling setup trust (challenge) separately from ongoing security (signature), common in services with periodic re-validation.

Quickstart

1) Register the Webhook in Zoom

Registration triggers the challenge. In Zoom:

  1. Go to Zoom Marketplace > Develop > Build Legacy App > Webhook Only.
  2. Add event subscriptions.
  3. Event notification endpoint URL: Your Agent Studio listener URL.
  4. Generate a Secret Token—note it; this serves both challenge signing and event signatures.
  5. Validate the URL (triggers the challenge — do this after setting up your listener below).
  6. Save and subscribe to events.
EventDescriptionKey Payload Fields
meeting.startedMeeting beginsmeeting.id, host_id
meeting.endedMeeting concludesmeeting.id

2) Configure Verification in Agent Studio

Zoom uses a challenge for URL validation and signatures for events. Configure both.

For Verification Challenge

In the One Time Verification Challenge panel:

  1. Set Challenge Detection: parsed_body.event == "endpoint.url_validation" using Moveworks DSL. (detects the validation POST).
  2. Choose HTTP Response Status Code: 200 OK. Zoom expects success codes; mismatches fail validation.
  3. HTTP Response Headers: Leave default or add if required.
  4. HTTP Response Body. This echoes the token and adds the signed version: 
    1plainToken: parsed_body.payload.plainToken
    2encryptedToken: challenge_token["zoom_token"]
  5. Click Add Challenge Token to create the signed value:
    1. Name: Set to zoom_token (or any unique identifier). This name becomes a reference key, use it in the response body as shown above challenge_token["zoom_token"] to insert the computed hash dynamically.
    2. Signing Algorithm: HMAC-SHA256
    3. Signing Secret: Paste the Secret Token from Zoom, the shared key for hashing.
    4. Signing Payload: parsed_body.payload.plainToken

For Signature Verification

In the Verification panel:

  1. Add a new rule.
  2. Select Validation Type: Signature Verification.
  3. Secret Shared by External System: Same Secret Token from Zoom.
  4. Signature Verification Hash Mode: HMAC-SHA256.
  5. Verification Payloads: Concatenate using DSL: $CONCAT([headers["x-zm-request-timestamp"],":",raw_body],""). This builds the exact string Zoom signs.
  6. Verification Received Signature: headers["x-zm-signature"].

Zoom Documentation

  • Using Webhooks