We got this email:
As a part of our continuing efforts to improve the security of Zoom OAuth App Types using Authorization flow, we are removing the ability to set the access tokens, refresh tokens and revoke tokens in the URL query parameters. This change will take effect on February 14th, 2023.
It is strongly recommended that you update your API calls to set the token values in the Authorization header and not the HTTP query parameters. Failure to do so will result in rejected API calls and a reduced functionality for your application.
You can read more about the change on the FAQ and how to do OAuth via the Authorization header.
And you do clearly state there “, refresh tokens and revoke tokens”.
But the " OAuth via the Authorization header" link goes straight to https://marketplace.zoom.us/docs/guides/auth/oauth/#refreshing-an-access-token which shows the exact thing you are apparently removing.
And https://devsupport.zoom.us/hc/en-us/articles/12363164278669-API-access-token-change only talks of access_token.
So how do we comply with your new policy?