API data silo issue

I have an outside vendor for our company requesting access to our REST API with JWT tokens to use for the software they are offering our company. I work for a university hospital and cannot grant this access as it will breach HIPAA and FERPA. I am wondering if there is a way to silo out the accounts and API access they need for their tool without setting up a whole separate Zoom org account.

I am trying to avoid setting up another Zoom org account because, with the trusted domain we have set up, the workflow would be harder on the end users: they would not be able to use company-provided domain emails for this side tool.


Which App Type (OAuth / Chatbot / JWT / Webhook)?

Which Endpoint/s?
unknown at this time

Hi @JWalt - your hesitation here is correct. Do NOT provide any external party access to your account-level API Key / Secret or a JWT which includes them. Access to data can be restricted at the user-level and app-level through OAuth, which will request user-level permission to view / edit data. Any PII data on your HIPAA account should be disabled, but let us know if you have any questions here.

This third-party vendor will need to use OAuth to request your permission to make API requests. To do that, they will need to create an OAuth app on the Marketplace and then submit a Publishable URL Sharing Request in order to Share a Private App onto your account.

Please let us know if we can help here.