We’d like to access our client’s data by integrating with the Zoom API (to get recordings, users etc.).
As I understand - our most viable option is to develop a public app with OAuth authorization and then integrate with the API, using OAuth and somehow distinguishing between different clients?
Or can this use case be achieved by using a JWT app?
Yes, OAuth would be the most appropriate route here. This way, you can develop an app to access certain endpoints/user information exclusively through the scopes associated with each endpoint.
Your clients would install your app to their account thereby allowing you access to the information on those endpoints.
Why JWT is not recommended here:
Your clients would need to create a JWT app and share the app credentials with you to access information on certain endpoints.
JWT credentials are like a master key to ALL endpoints which can pose security concerns for your customers. For example, if they share their credentials with you (something we do not recommend or encourage) and there was a security breach, someone could use their credentials to access all of their info across all endpoints.
JWT apps are better for in-house/server-to-server use.
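One way to distinguish between clients in the OAuth flow, as an added example that is not part of the original thread or Zoom's own code: a signed `state` value ties each authorization round trip to one of your own tenant ids, and tokens are stored per tenant. The client id, redirect URI, tenant ids and in-memory store are assumptions; the code-for-token exchange is left out, and `handle_callback` takes the token endpoint's JSON as input.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

# Assumed placeholders, not real credentials.
CLIENT_ID = "YOUR_ZOOM_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/zoom/callback"
STATE_KEY = secrets.token_bytes(32)  # server-side secret, never sent to the browser
STATE_TTL = 600                      # seconds an authorization attempt stays valid
TOKENS = {}                          # tenant_id -> tokens; use an encrypted store in production

def b64url(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def sign(body):
    return b64url(hmac.new(STATE_KEY, body.encode(), hashlib.sha256).digest())

def make_state(tenant_id, now=None):
    """Bind the OAuth round trip to one client (tenant_id is our own identifier)."""
    claims = {"t": tenant_id, "ts": int(now or time.time()), "n": secrets.token_hex(8)}
    body = b64url(json.dumps(claims).encode())
    return body + "." + sign(body)

def verify_state(state, now=None):
    """Return the tenant id if the state is authentic and fresh, else None."""
    try:
        body, sig = state.split(".")
        if not hmac.compare_digest(sig, sign(body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    if (now or time.time()) - claims["ts"] > STATE_TTL:
        return None
    return claims["t"]

def authorize_url(tenant_id):
    """URL the client's admin visits to install the app on their Zoom account."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": make_state(tenant_id)})
    return "https://zoom.us/oauth/authorize?" + query

def handle_callback(state, token_response):
    """Store tokens under the tenant named by a verified state; reject anything else."""
    tenant_id = verify_state(state)
    if tenant_id is None:
        raise PermissionError("state missing, forged or expired")
    TOKENS[tenant_id] = {k: token_response[k] for k in ("access_token", "refresh_token")}
    return tenant_id
```

Each tenant's access token only reaches the endpoints covered by the scopes the app requested, so a leaked token for one client does not expose the others.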