Configure Zoom webhooks for subscriptions, signature checks, event handling, and retries.
The material indicates this is essentially a reference/documentation skill for Zoom webhooks, and it is system-classified as prompt-only and open-source. There is no evidence that the skill itself executes code, accesses local data, or connects to remote endpoints; the main caution is that the docs mention a Zoom webhook secret and server-side handling as integration guidance rather than behavior of the skill itself.
The system metadata says the skill itself requires no keys or environment variables. The README only mentions a webhook secret token for Zoom signature verification as part of an external integration, with no evidence that the skill itself collects, stores, or exfiltrates credentials.
Neither the material nor the system checks declare any remote endpoint used by the skill. The content mainly explains how to receive Zoom webhooks at a user-managed HTTPS endpoint, meaning the described traffic is from an external service to the user's system, not active data egress by the skill.
This skill is classified as prompt-only. Although the README includes an Express.js sample, it is a static reference snippet and does not indicate that the skill itself launches processes or executes commands locally. No runtime system permissions are declared.
There is no indication that the skill reads or writes local files, databases, system resources, or user data. The documentation only discusses validating HTTP headers and request bodies in a webhook handler, which is application-level example logic rather than the skill's own data access capability.
The source is an open-source GitHub repository, and auditability is a clear risk-reducing factor. However, the license is unspecified, community adoption is listed as 0 stars, and maintenance status is unknown, so supply-chain confidence is moderate and the repository should be manually reviewed before production use.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "setup-zoom-webhooks" skill from askskill: 1. Download https://raw.githubusercontent.com/anthropics/knowledge-work-plugins/main/partner-built/zoom-plugin/skills/webhooks/SKILL.md 2. Save it as ~/.claude/skills/webhooks/SKILL.md 3. Reload skills and tell me it's ready
Explain how to design a Zoom webhook subscription flow, including event selection, callback URL setup, secret storage, and pre-launch checks.
A step-by-step implementation checklist covering event selection, endpoint setup, and launch readiness.
Give me an implementation plan for Zoom webhook signature verification, including headers, signature calculation, timestamp checks, and common failure handling.
A verification guide that can be used to build a secure webhook receiver.
Design a retry, deduplication, and idempotency strategy for failed Zoom webhook deliveries, and include logging and alerting recommendations.
A reliability plan for consistently receiving and processing duplicate or failed events.
Background reference for Zoom event delivery over HTTP. Prefer workflow skills first, then use this file for verification, subscription, and delivery details.
Need help with authentication? See the zoom-oauth skill for OAuth setup.
// Express.js webhook handler
const crypto = require('crypto');
// Capture raw body for signature verification (avoid re-serializing JSON).
app.use(require('express').json({
verify: (req, _res, buf) => { req.rawBody = buf; }
}));
app.post('/webhook', (req, res) => {
// Verify webhook signature
const signature = req.headers['x-zm-signature'];
const timestamp = req.headers['x-zm-request-timestamp'];
const body = req.rawBody ? req.rawBody.toString('utf8') : JSON.stringify(req.body);
const payload = `v0:${timestamp}:${body}`;
const hash = crypto.createHmac('sha256', WEBHOOK_SECRET)
.update(payload).digest('hex');
if (signature !== `v0=${hash}`) {
return res.status(401).send('Invalid signature');
}
// Handle event
const { event, payload } = req.body;
console.log(`Received: ${event}`);
res.status(200).send();
});
| Event | Description |
|---|---|
meeting.started | Meeting has started |
meeting.ended | Meeting has ended |
meeting.participant_joined | Participant joined meeting |
recording.completed | Cloud recording ready |
user.created | New user added |
| Type | Repository | Stars |
|---|---|---|
| Node.js | webhook-sample | 34 |
| PostgreSQL | webhook-to-postgres | 5 |
| Go/Fiber | Go-Webhooks | - |
| Header Auth | zoom-webhook-verification-headers | - |
| Language | Repository | Description |
|---|---|---|
| Laravel | binary-cats/laravel-webhooks | Laravel webhook handler |
| AWS Lambda | splunk/zoom-webhook-to-hec | Serverless to Splunk HEC |
| Node.js | Will4950/zoom-webhook-listener | Webhook forwarder |
| Express+Redis | ojusave/eventSubscriptionPlayground | Socket.io + Redis |
…
Embed Zoom Virtual Agent chat on web with secure controls and context updates.
Quickly add Zoom’s prebuilt React video UI to web workflows.
Create stakeholder updates tailored to audience, cadence, and communication goals.
Review an analysis for methodology, accuracy, bias, and evidence support.
Generate people analytics reports on headcount, attrition, diversity, and org health.
Identify, categorize, and prioritize technical debt for smarter refactoring decisions.
Set up Zoom WebSockets for low-latency, persistent event delivery.
Build Zoom Phone integrations, call workflows, and telephony automation features.
Implement Zoom Meeting SDK joins, auth flows, and platform-specific integrations.
Build and troubleshoot Zoom Contact Center integrations, state handling, and callbacks.
Build custom video session apps with full control using Zoom Video SDK
Build Zoom Team Chat integrations, bots, and interactive messaging experiences.