Files
2026-07-13 12:20:06 +08:00

2.0 KiB

Authentication

Authentication methods for Zoom APIs and SDKs.

Overview

Zoom supports multiple authentication methods depending on your use case:

Method Use Case
OAuth 2.0 User-authorized access (on behalf of user)
Server-to-Server OAuth Server-side automation (no user interaction)
SDK JWT Meeting SDK and Video SDK authentication

OAuth 2.0

For apps that act on behalf of users.

Flow

1. User clicks "Connect with Zoom"
2. Redirect to Zoom authorization URL
3. User grants permission
4. Zoom redirects back with auth code
5. Exchange code for access token
6. Use token to call APIs

Authorization URL

https://zoom.us/oauth/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectUri}

Token Exchange

curl -X POST "https://zoom.us/oauth/token" \
  -H "Authorization: Basic {base64(clientId:clientSecret)}" \
  -d "grant_type=authorization_code&code={authCode}&redirect_uri={redirectUri}"

Server-to-Server OAuth

For server-side automation without user interaction.

Get Access Token

curl -X POST "https://zoom.us/oauth/token?grant_type=account_credentials&account_id={accountId}" \
  -H "Authorization: Basic {base64(clientId:clientSecret)}"

Response

{
  "access_token": "eyJ...",
  "token_type": "bearer",
  "expires_in": 3600
}

SDK JWT Signatures

For Meeting SDK and Video SDK authentication. See:

Best Practices

Practice Recommendation
Expiry (exp) Set ~10 seconds after generation
Issued At (iat) Set 2 hours in the past (if exp - iat >= 2 hours required)
Generate server-side Never expose secrets in client code

Resources