The URL that you use to complete OAuth authorization needs to be publicly accessible. That way, you can complete the OAuth authorization. From there, you could pass the access token to a private server but in order to use the API, you’ll want to open the firewall to the *.zoom.us subdomain.
Alternatively, you can create a JWT App if the users that you would be accessing are under your account. An OAuth app will allow you to make requests on behalf of other users/accounts.
Let me know if that helps.