From c9cdad161e9602ce8d64a119b390905942267a34 Mon Sep 17 00:00:00 2001 From: Tommy Gaessler Date: Wed, 17 Jul 2024 14:51:15 -0600 Subject: [PATCH 1/5] Update zoom.md Updated links and mentioned Video SDK --- src/pages/webhook-directory/zoom.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/pages/webhook-directory/zoom.md b/src/pages/webhook-directory/zoom.md index 9d65e2e..76dc418 100644 --- a/src/pages/webhook-directory/zoom.md +++ b/src/pages/webhook-directory/zoom.md @@ -4,7 +4,7 @@ pageTitle: Zoom Webhooks Specs | Examples| How to integrate description: Webhook specificactions for Zoom including Supported Events, Example Apps, Security Specs, and Documentations. --- -Zoom uses webhooks to notify third-party apps of events such as Meetings, Webinars,Recordings, User Activity, Billing, and Chat Messages created +Zoom uses webhooks to notify third-party apps of events such as Meetings, Webinars, Recordings, User Activity, Billing, Chat Messages created, and Video SDK {% table %} --- @@ -15,7 +15,7 @@ Zoom uses webhooks to notify third-party apps of events such as Meetings, Webina - **[Zero Downtime Rotation](/ops-experience/key-rotation)**: ❌ --- * ## Supported Events -* - **[Official Doc ↗](https://marketplace.zoom.us/docs/api-reference/webhook-reference/#objects-actions-and-events)** +* - **[Official Doc ↗](https://developers.zoom.us/docs/api/)** --- * ## Security Headers * - **Signature Header**: `x-zm-signature` 
@@ -26,11 +26,11 @@ Zoom uses webhooks to notify third-party apps of events such as Meetings, Webina - **Timestamp Format**: Unix Date --- * ## Documentation -* - [Official Doc ↗](https://marketplace.zoom.us/docs/api-reference/webhook-reference/#verify-webhook-events) - - [IP Origins for whitelist ↗](https://marketplace.zoom.us/docs/api-reference/webhook-reference/#ip-addresses) +* - [Official Doc ↗](https://developers.zoom.us/docs/api/rest/webhook-reference/) + - [IP Origins for whitelist ↗](https://developers.zoom.us/docs/api/rest/webhook-reference/#ip-addresses) --- * ## SDKs and Sample Code -* - [NodeJS Sample ↗](https://github.com/zoom/webhook-sample-node.js) +* - [NodeJS Sample ↗](https://github.com/zoom/webhook-sample) {% /table %} --- From 17668ee1a0156f687c979d4ec6f7e1d08316cd14 Mon Sep 17 00:00:00 2001 From: Tommy Gaessler Date: Wed, 17 Jul 2024 15:01:02 -0600 Subject: [PATCH 2/5] Update one-time-verification-challenge.md Updated Zoom link --- src/pages/security/one-time-verification-challenge.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pages/security/one-time-verification-challenge.md b/src/pages/security/one-time-verification-challenge.md index ff3eae6..a86f518 100644 --- a/src/pages/security/one-time-verification-challenge.md +++ b/src/pages/security/one-time-verification-challenge.md @@ -22,7 +22,7 @@ description: Learn why and how webhook providers like Twitter, Okta, and Microso - [Okta](https://developer.okta.com/docs/concepts/event-hooks/#one-time-verification-request) - [Smartsheet](https://smartsheet.redoc.ly/tag/webhooksDescription#section/Creating-a-Webhook) - [Twitter](https://developer.twitter.com/en/docs/twitter-api/enterprise/account-activity-api/guides/securing-webhooks) - - [Zoom](https://marketplace.zoom.us/docs/api-reference/webhook-reference/#revalidation) + - [Zoom](https://developers.zoom.us/docs/api/rest/webhook-reference/#validate-your-webhook-endpoint) {% /table %} --- 
@@ -48,4 +48,4 @@ Webhook notifications are not sent until the challenge response is successful. Webhook integrations seem simple to secure at the surface. However, webhook URLs can be explored by malicious actors — acting as legitimate webhook consumers — to carry out Distributed Denial of Service (DDoS), Server Site Request Forgery (SSRF), and other attacks to the provider infrastructure. The [best practices for webhook providers](/best-practices/webhook-providers#implement-security-on-egress-communication) provides guidelines for mitigating these risks in webhook communications. -{% /callout %} \ No newline at end of file +{% /callout %} From a443bef57bdae3fa3b99c3fa1948488f76602e2d Mon Sep 17 00:00:00 2001 From: Tommy Gaessler Date: Wed, 17 Jul 2024 15:02:59 -0600 Subject: [PATCH 3/5] Update shared-secret.md Updated Zoom link --- src/pages/security/shared-secret.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/security/shared-secret.md b/src/pages/security/shared-secret.md index ddc6ba2..dc81959 100644 --- a/src/pages/security/shared-secret.md +++ b/src/pages/security/shared-secret.md @@ -21,7 +21,7 @@ description: Learn how webhook providers implement shared secrets — Basic Auth - [mParticle](https://docs.mparticle.com/integrations/webhook/event/) - [Okta Event Hooks](https://developer.okta.com/docs/concepts/event-hooks/#one-time-verification-request) - [VMWare WorkspaceOne](https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/System_Settings_On_Prem/GUID-AWT-SYSTEM-ADVANCED-API-NOTIF.html) - - [Zoom](https://marketplace.zoom.us/docs/guides/build/webhook-only-app) + - [Zoom](https://developers.zoom.us/docs/api/rest/webhook-reference/#basic-authentication) {% /table %} --- From 4d0e164d2e1b025809048a5a8302b46f43db816b Mon Sep 17 00:00:00 2001 
From: Tommy Gaessler Date: Wed, 17 Jul 2024 15:03:42 -0600 Subject: [PATCH 4/5] Update hmac.md Added Zoom link example --- src/pages/security/hmac.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/pages/security/hmac.md b/src/pages/security/hmac.md index 108cb6b..481ae2c 100644 --- a/src/pages/security/hmac.md +++ b/src/pages/security/hmac.md @@ -23,6 +23,7 @@ description: HMAC is, by far, the most popular authentication and message securi - [Slack](https://api.slack.com/authentication/verifying-requests-from-slack) - [Square](https://developer.squareup.com/docs/webhooks/step3validate) - [Twilio](https://www.twilio.com/docs/usage/security#validating-requests) + - [Zoom](https://developers.zoom.us/docs/api/rest/webhook-reference/#verify-with-zooms-header) {% /table %} --- @@ -90,4 +91,4 @@ Like any other security control, HMAC is only as good as its implementation. In }) ``` 1. Leverage HMAC signatures to implement [replay prevention](/security/replay-prevention), [versioning](/ops-experience/versioning), and [key rotation](/ops-experience/key-rotation) -1. Provide great [documentation](/ops-experience/documentation) and features for better [operations](/ops-experience/intro) \ No newline at end of file +1. Provide great [documentation](/ops-experience/documentation) and features for better [operations](/ops-experience/intro) From a9f0650fbac8126c02e0926c993fb065fd5c5d94 Mon Sep 17 00:00:00 2001 From: Tommy Gaessler Date: Wed, 17 Jul 2024 15:04:27 -0600 Subject: [PATCH 5/5] Update jwt-jwk-oauth2.md Added Zoom example --- src/pages/security/jwt-jwk-oauth2.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/pages/security/jwt-jwk-oauth2.md b/src/pages/security/jwt-jwk-oauth2.md index 48b4387..267fa73 100644 --- a/src/pages/security/jwt-jwk-oauth2.md +++ b/src/pages/security/jwt-jwk-oauth2.md 
@@ -24,6 +24,7 @@ description: Learn how webhook providers use OAuth, JSON Web Tokens (JWTs), and - [Plaid](https://plaid.com/docs/api/webhooks/webhook-verification/) - [SendGrid](https://docs.sendgrid.com/for-developers/tracking-events/getting-started-event-webhook-security-features#oauth-20) - [Wix](https://devforum.wix.com/kb/en/article/about-webhooks) + - [Zoom](https://developers.zoom.us/docs/api/rest/webhook-reference/#token-authentication-oauth) {% /table %} ---
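Review bot: In PATCH 1/5, first hunk of zoom.md, the new Supported Events link `https://developers.zoom.us/docs/api/` is less specific than the one it replaces, which targeted the `#objects-actions-and-events` section of the webhook reference. Every other Zoom link in this series goes to `/docs/api/rest/webhook-reference/`, so this one should point there as well, at the events section if it has an anchor. In the same hunk the reworded intro ends "Chat Messages created, and Video SDK", which leaves "created" stranded in the middle of the list and the sentence without a closing period. The unchanged `description:` line above it still reads "specificactions" and could be fixed in the same commit.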
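Review bot: In PATCH 1/5, second hunk of zoom.md, the Documentation "Official Doc" link loses its `#verify-webhook-events` anchor and now lands at the top of the webhook reference. This row is the one readers follow from the `x-zm-signature` header details, so it should link straight to the signature verification section. PATCH 4/5 already uses `#verify-with-zooms-header` for that purpose in hmac.md, and the same anchor would fit here. Also check that the "NodeJS Sample" label still describes the repository now that the URL is `zoom/webhook-sample` without the `-node.js` suffix.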
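Review bot: In PATCH 2/5, second hunk of one-time-verification-challenge.md, the only change is the added end-of-file newline after `{% /callout %}`, which the commit message "Updated Zoom link" does not cover. The same applies to the newline-only hunk at the end of hmac.md in PATCH 4/5. Either mention the whitespace fix in the messages or move it to its own commit. Since the callout paragraph is already in the diff context, note that it spells the attack class as "Server Site Request Forgery (SSRF)"; the correct term is Server-Side Request Forgery.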