Help me to migrate from JWT to OAuth using PHP Curl


Hello All,

We have integrated zoom api with jwt authentication.

As JWT is deprecating soon, need to migrate it Server-to-Server OAuth or an OAuth app.

From the above 2 (Server-to-Server OAuth or an OAuth app) which one is easy and safe in coding point of view.

Someone please share code or guide for migrating


Hi @Dora_Reddy ,

Server-to-Server OAuth app is the most closely related to JWT in terms of access and purpose.

To get started, take a look at our Postman Workspace for guidance on Server-to-Server OAuth: Create meeting link on behalf of external users by hosting OAuth Account Level APP - #3 by hmshah.1984

You can use Postman’s code snippet feature for sample code:

1 Like

Hello @gianni.zoom Thanks for the details.

When using jwt authentication, Only JWT token enough for all API calls.

So how can i need to change my existing code below with OAuth Please help

            $request_url = ''.$host_id.'/meetings';
        $headers = array(  "authorization: Bearer ".$this->zoom_jwt_token,
                           "content-type: application/json"
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $request_url);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
	curl_setopt($ch, CURLOPT_CUSTOMREQUEST,$customrequest);
	if(isset($data) && !empty($data))
	$postFields = json_encode($data);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); 
	$response = curl_exec($ch);

Do you mean only JWT allows you to access all API endpoints? Or that JWT does not expire?

For Server-to-Server OAuth, you can access all the endpoints with the correct scopes. As far as token expiry, Server-to-Server OAuth expires after 1 hour and you need to generate a new token unlike with JWT where you can set the expiration for as long as you want.

We actually set JWT for longer expiration date and save it in DB and used the JWT token for all API calls.

So for Server-to-Server OAuth, Is it ok to set high-level scope for App and use it for all API end points?

Can you please provide me php code for create meeting API with Server-to-Server OAuth.

Yes this is okay.

Click on the code icon and scroll for PHP snippet: Postman

Thanks for the help. I’m successfully migrated from JWT to Server-to-Server OAuth.

1 Like

This topic was automatically closed 368 days after the last reply. New replies are no longer allowed.