We are currently integrating Zoom RTM Webhooks into our application and have encountered an issue with the validation process.

Zoom requires a single webhook URL that is used for two purposes:

1. Validation – Zoom sends a request with a plainToken that our server needs to echo back in a specific format.

2. Events – After validation, Zoom sends event payloads (e.g., meeting started, participant joined) to the same URL.

The challenge we are facing is that the Zoom SDK we are using appears to spin up an internal server and only exposes event handler functions. It does not expose the underlying HTTP endpoint, so we are unable to handle the initial validation request directly. Since both validation and events are sent to the same URL, we are stuck at the validation step.

Our questions are:

1. Is there a recommended way to handle the validation request when using the SDK?

2. If not, is it possible to configure the SDK so that we can intercept or extend the raw HTTP endpoint to respond to validation?

3. Could you confirm the exact response payload expected for the validation request (e.g., plainToken vs. encryptedToken format), so that we can prepare a workaround if needed?

In short, the issue is that Zoom expects the same webhook URL for validation and events, but the SDK does not currently provide a way to respond to the validation request.

Any guidance or examples on how to resolve this would be greatly appreciated.