Generating signatures server side for the web sdk with node.js

So the docs show how to generate signatures server side only with PHP. Not sure how to do the same with nodejs. Can someone post an example?


1 Like

Hello @shahar and thanks for asking a valuable question.

I’d be happy to provide an answer, but I am unable to locate the specific documentation (containing the PHP code) to which you’re referring. Please accept my apologies, we’ve been moving fast and migrating our docs to more flexible systems, but that means we have some fragmentation and perhaps duplication of content on multiple URLs.

I tried searching our current Developer Documentation for signature, but couldn’t find a PHP example.

Would you share the URL for the docs to which you are referring to specifically please?


Hi Ben,

It’s here:

Here’s a screen shot:

1 Like

Thanks for that @shahar

I haven’t tested any of this code, so there are likely bugs, but I have created this Node.js module which you can require from within your app code and use to generate the signature hash as required by those docs.

You would use it as follows:

const zoomUtil = require(`<relative_path_to_where_you_save_this_module.js`);
let myMeetingNumber = 12345; // replace this with a real meeting number
let myParticipantRole = 0; // to make myself participant, but default is 1 for host
let mySignature = zoomUtil.generateSignatureString(myMeetingNumber, myParticipantRole);
// now, mySignature should be valid and ready to use

I hope this helps, let me know if you run into issues with this at all.

Hi @bdeanindy

I really appreciate your effort and timely response, however it doesn’t work… I fixed some tiny errors myself, but still it doesn’t provide a correct signature…
Can you test it with actual api_key, api_secret and meeting_number and see that you get a vaild signature?

You know, you have this code working in webim.js, it is just minimised and obfuscated so I can’t really figure it out, but I’m pretty sure you can get access to the source code, and be able to port it.

What is the specific error response you’re receiving please?

@bdeanindy Permission denied

Which keys are you using please?
API or SDK keys?

Here is the second version of this app’s code (wow! my v1 was HIDEOUSLY BAD…LOL).
Anyway, this is all cleaned up.

  1. Unzip
  2. Rename env.tmpl --> .env
  3. Update the values in .env with your values (make sure to use the SDK Keys, NOT the API Keys).
  4. Write/Save/Close files
  5. node index.js

There’s your signature, and I just tested from scratch with a meeting and it worked just fine.
Let me know if you hit any snags and hope this helps!

Didn’t know there was a different set of SDK key+secret…

Anyway, when I run it with the SDK key+secret set, I get the message: “The api key is wrong.”
When I run it with the API key+secret, I get “Invalid signature”.

All that said, when I run the sample-app-web I run it with the API key+secret and it works, not with the SDK set.

Also, the length of the signature generated by the sample-app-web (it prints it to the console) is much shorter than the one your module generates.


For your invalid signature error, what Role to do you have it set to, 1 or 0?

@bdeanindy I use 0 for role.

The SDK uses completely different API than our REST APi. Thus the different Key Sets.

I am busy handling an escalation, and the code I’ve provided worked for me/gets you moving in the right direction.

Could you spend some time working with this code to get it working for yourself and share what you’ve learned here for others (and to me…so I can see what you needed to get things working for yourself)?

OK I spent much time and to no avail. Am I the only one in the world trying to generate signature server side in nodejs? It’s so frustrating, you HAVE the code working in it is just so obscured and minified I can’t make much of it. You have access to the source, can’t you simply port it???
On top of it, I am a PAYING customer to zoom, can’t I have this thing sorted out?

Here’s the best unobfuscated version of the code that I can see

Hey @shahar
We understand your frustration, appreciate your business, and are trying to help.

Debugging code remotely is a challenging situation for everyone involved.

I will revisit my code to perform some additional tests.

What version of Node.js are you running please?

Try this out (that’s from the source).

import * as base64JS from 'js-base64';
import * as hmacSha256 from 'crypto-js/hmac-sha256';
import * as encBase64 from 'crypto-js/enc-base64';function generateSignature(data) {
    let signature = '';
    const ts = new Date().getTime();
    try {
        const msg = base64JS.Base64.encode(data.apiKey + data.meetingNumber + ts + data.role);
        const hash = hmacSha256.default(msg, data.apiSecret);
        signature = base64JS.Base64.encodeURI(`${data.apiKey}.${data.meetingNumber}.${ts}.${data.role}.${encBase64.stringify(hash)}`);
    } catch (e) {
    return signature;

@bdeanindy Praise you and the lord it works!!!
That’s all I needed!
btw, it works with the API key/secret set and NOT with the sdk set.

@bdeanindy now the only thing that bothers me is that the embedded zoom works ONLY if i have /lib and /lib/av paths in my website, this is soooooo amateur to enforce me to have that, I want to put my resources on a CDN!

Hello @shahar
While we can appreciate developer frustration, our code of conduct prohibits name calling or any unprofessional behavior. Please refrain from this in future posts. :smiley:

1 Like