I have noticed on the developer page the big warning about “migrating this to the marketplace”. We are currently re-writing some code to move from API v1 to v2, and are not sure how (or when) this is going to effect us. We want to avoid doing another code rewrite in a couple months for a “marketplace app”. If that is the case we would rather just do it now.
The problem with the marketplace app is that it is setup for an end-user/client experience, whereas we just want a simple API and Webhook integration from our web server to Zoom. There does not seem to be a way to get a typical server-to-server app authenticated properly. And we surely do not want it submitted to an open marketplace.
The reason I ended up in the marketplace is because we would like to enable multiple webhooks. And this post (https://support.zoom.us/hc/en-us/community/posts/360024933872-Only-1-webhook-allowed-) says they are only available for marketplace apps. But the entire marketplace authentication flow (OAuth) is considerably different from the JWT based server-to-server communication.
My questions are:
- Is the expectation that all current “regular API” integrations be moved to marketplace apps?
- If so, how are we supposed to authenticate our server based app? The current OAuth flow does not seem to support this. Is it even possible to setup an app for a whole account? All the OAuth documentation is aimed at handling individual users.
- What is the time frame on this change?
- Is there any plan to support multiple webhooks for simple API integrations if they are not being completely retired?
This whole thing is very confusing and I do not feel like the expectations have been communicated well to developers. The marketplace apps are a great addition to Zoom, but in their current form they do not fill the same role that our simpler server-to-server API integration does. On the other hand, they offer better webhook support which we want to make use of. It is ridiculous to say “oh we offer this in the marketplace now”, but the entire thing is broken for server-to-server use cases.
I found this post (https://support.zoom.us/hc/en-us/community/posts/360017928426-OAuth-redirect-and-JWT-support) which suggests there is currently no plan to sunset JWT based auth… is that still accurate?
Any clarification on these points would be hugely appreciated.