| description | Diagnose Zoom webhook issues across endpoint validation, signature verification, event delivery, retries, and handler logic. |
|---|
Use this command when Zoom webhook events are not arriving, signature validation is failing, endpoint validation is broken, or handlers are processing the wrong payload shape.
- Inspect the repo for webhook routes, signature verification code, event subscriptions, and deployment endpoint configuration.
- Capture the failing symptom: no events, validation failure, signature mismatch, retries, or handler-side processing error.
- Confirm the public callback URL, webhook secret env var name, and raw body handling path without printing secrets.
- Check whether the implementation uses the exact raw request body for signature verification.
- If the repo has no webhook endpoint yet, say that before attempting webhook debugging.
Before changing anything:
- identify whether the likely fault is registration, validation, signature verification, transport, or business logic
- list the files and logs that will be checked
- state whether a replay or local reproduction will be used
- Inspect endpoint registration and subscribed event names.
- Verify the endpoint validation flow is implemented for the expected Zoom webhook handshake.
- Verify signature checking uses the raw request body, correct timestamp handling, and the right secret source.
- Inspect handler parsing and downstream logic separately from signature verification.
- Reproduce the failing request path with a safe replay or fixture when possible.
- Apply the minimum fix needed to the failing layer instead of rewriting the entire webhook stack.
- Re-read the webhook route and verification helper after changes.
- Confirm the endpoint validation path now returns the expected response shape.
- Confirm the signature verification code operates on the raw body and correct headers.
- If logs or replay are available, verify the handler reaches application logic successfully.
- If delivery still fails, state whether the remaining blocker is registration, public reachability, or Zoom-side configuration.
## Result
- Action: diagnosed or fixed a Zoom webhook issue
- Status: success | partial | failed
- Details: failing layer, files checked, fix applied, remaining blocker
- Send one real or replayed event through the endpoint.
- Add regression coverage for signature verification and endpoint validation if missing.
- If the root cause is auth or app setup, run
/debug-zoom-author/setup-zoom-oauthnext.