How to choose JWT or OAuth authentication for Zoom Meetings integration to My Website?

Hi, I am new to the Zoom integration, and after going through the document of authentication methods I am still confused. So our company is trying to integrate Zoom meetings to our website Zoom API.

I have used OAuth authentication for getting access_token with grant_type as authorization_code. But for this, I need to get code instantly for each call. How can I obtain code for each API call? Is there any portion I went wrong?

public function getBearerToken(){
    $clientID = "YEKb5hW_T6mVzHd7wpxqw";
    $clientSecret = "*******************";
    // Authorization code taken from the redirect after the user authorizes the app
    $code = "F0z6nzgLCu_EmFIrUhBTpumQCipK9MXfA";
    $content = "grant_type=authorization_code&code=$code&redirect_uri=https://www.tutorsvalley.com/payment_success.php";
    $token_url = "https://zoom.us/oauth/token";

    $curl = curl_init();
    // Client credentials for the HTTP Basic Authorization header
    $base64 = $clientID.":".$clientSecret;

    curl_setopt_array($curl, array(
        CURLOPT_URL => $token_url,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $content,
        CURLOPT_HTTPHEADER => array(
            "Authorization: Basic ".base64_encode($base64),
        ),
    ));
    $response = curl_exec($curl);
    curl_close($curl);

    // Return the decoded JSON token response to the caller
    return json_decode($response, true);
}

Thanks so much, and sorry for the messed up question. Hope this makes sense.

Regards,
Vidya Balakrishnan

Hey @vidya.webandcrafts, thanks for posting and using Zoom!

Is this integration for internal purposes only?

If so, you can use the JWT Token method of authentication if you don’t need to share the integration outside your Zoom account.

Here is the example usage:

GET https://api.zoom.us/v2/users

"Authorization": "Bearer JWT_TOKEN_HERE"

Let me know if that helps! :slight_smile:

Thanks,
Tommy


Thanks for the help :slight_smile:


You are welcome! :slight_smile:

-Tommy

Hi @tommy, is there a restriction on the JWT token’s access? Can it do every admin task, including deleting users and accessing all recordings?

I am in a similar scenario where I want to avoid storing the refresh token for generating the next access token.

Is there a way to restrict the JWT token’s access, so that it can only perform limited tasks, such as starting a meeting?

Thanks


Hey @zenatwork,

The JWT Token can be used to call any of the Zoom endpoints unless otherwise stated:

Unfortunately no, if you want to limit the access a token has to the Zoom API, you should use OAuth with the respective scopes.

Thanks,
Tommy

Thanks @tommy.

The OAuth tokens are painful. Since the refresh token changes on each new access token generation, it has to be stored somewhere and updated on each new access token generation.

This creates complexity. I wish there was one constant value in the OAuth process which could be used to request new access tokens. From a security point of view, if compromised, a refresh token or any constant has the same risk.

Thanks
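The storage step described in the post above, as an added example that is not part of the original thread and is not Zoom's code: it keeps the token pair in a locked file and replaces it on every refresh. The function names, the file-based store, the `ZOOM_CLIENT_ID` / `ZOOM_CLIENT_SECRET` environment variables and the use of the standard OAuth 2.0 `refresh_token` grant against the token URL from the first post are assumptions.

```php
<?php
// Added example; function names, env var names and the store path are assumptions.
function zoomTokenPost(array $fields): array {
    $curl = curl_init('https://zoom.us/oauth/token');
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => true, CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($fields),
        CURLOPT_USERPWD => getenv('ZOOM_CLIENT_ID') . ':' . getenv('ZOOM_CLIENT_SECRET'),
    ]);
    $tokens = json_decode((string) curl_exec($curl), true);
    curl_close($curl);
    if (!isset($tokens['access_token'], $tokens['refresh_token'])) {
        throw new RuntimeException('Token request failed');
    }
    return $tokens;
}

// Exclusive lock across read, refresh and write: two requests never spend the same refresh token.
function zoomAccessToken(string $storePath, ?callable $post = null): string {
    $fh = fopen($storePath, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException('Cannot lock token store');
    }
    try {
        chmod($storePath, 0600); // tokens are credentials: owner-only
        $stored = json_decode((string) stream_get_contents($fh), true) ?: [];
        if (($stored['expires_at'] ?? 0) > time() + 60) {
            return $stored['access_token']; // still valid, no network call
        }
        if (empty($stored['refresh_token'])) {
            throw new RuntimeException('No refresh token: user must authorize again');
        }
        $new = ($post ?? 'zoomTokenPost')(['grant_type' => 'refresh_token', 'refresh_token' => $stored['refresh_token']]);
        $new['expires_at'] = time() + (int) ($new['expires_in'] ?? 0);
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($new)); // persist the rotated refresh token
        return $new['access_token'];
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demo: fake transport and made-up token values, no network.
$path = tempnam(sys_get_temp_dir(), 'zoom');
file_put_contents($path, json_encode(['refresh_token' => 'constructed-rt-1']));
$fake = fn(array $f) => ['access_token' => 'constructed-at-2', 'refresh_token' => 'constructed-rt-2', 'expires_in' => 3600];
echo zoomAccessToken($path, $fake), ' ', file_get_contents($path), "\n";
unlink($path);
```

The store is seeded once from the `authorization_code` exchange shown in the first post; after that, only `zoomAccessToken()` touches it. A database row updated under a row lock serves the same purpose as the locked file.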

Hey @zenatwork,

Sorry to hear you think this process is painful, although it is the industry standard way of handling authentication.

Thanks,
Tommy


Hi @tommy, does the Zoom API support calls using username and password, either to create a new access token or to start a new meeting?

Also, can we start a Zoom meeting with a password, using the Zoom Slack app?

Thanks

Hey @zenatwork,

Not directly, but through the OAuth flow, the user will log in to authorize your application so you can get an auth code, and then an access_token. :slight_smile:

Yes, see docs here: OpenAPI Design & Documentation Management Tool | Stoplight

Thanks,
Tommy