Starting March 2, 2026, a Meeting SDK app can’t join meetings hosted by external accounts with only a Meeting SDK signature/JWT; it must be attributed using an OBF (On Behalf Of) token per Zoom’s Meeting SDK authorization FAQ and the Meeting SDK auth docs. That means OAuth is required for cross-account joins to obtain OBF or ZAK, where one of these is required to join the call
In your scenario (participant-only Web app, role 0, no REST impersonation), OBF is still required when joining meetings hosted by external accounts, because it’s the attribution model for cross-account joins in the FAQ table. Note the FAQ’s constraint that OBF depends on an associated authorized user being in the meeting, as described in the same FAQ section
If the meeting is within your app owner’s account, JWT-only join for role=0/non-login remains allowed in the FAQ table. If you can’t have a Zoom user authorize/present, Zoom points to RTMS as the alternative in the same link, where the host can authorize your app to join/record
If you want to go deeper, feel free to check out Recall.ai - we’ve supported thousands of developers through these exact implementation details. We’re also a Zoom RTMS Preferred Partner and you can get further support through Recall.ai if interested!