Hi @mak202013 ,
Welcome to the Zoom Developer community
Sounds like you’re creating an OAuth app. Client id/secret are the applications credentials and necessary for authenticating access to Zoom APIs. Secret token & verification are or Zoom Webhook/WebSocket event access. Please review the following documentation to know the purpose of these things in more detail:
Reference this thread: Difference between redirect URL and allow list in app settings - #4 by will.zoom
If you prefer to have an internal app (non-publishable, server to server), a server-to-server OAuth app would be the route to go. There is no allow list for this app type.
Reference these posts and resources for getting started with S2S:
- Just Want to Make Some Simple API Calls - #4 by elisa.zoom
- Setting up Server-to-Server (S2S) OAuth to test Zoom APIs via Postman | by Jenzus Hsu | Medium
- Our public workspace: Postman
Here are some links I found that could be useful: