JWT App “developer.zoom.us API”

Like many of you, I got an email on Monday talking about deprecating JWT apps. I’ve got this app named “developer.zoom.us API”. On the Management page it says “Live on your account Updated Jan 05, 2019 11:05 PM” It’s apparently a JWT app, and the logs show it gets a lot of calls, or whatever.

Here are some sample log entries:

12:51:59 PM Aug 04, 2023 200 https://zoom.us//v2/users/fLidsxpxSQig9fcE5hZXgA/assistants

12:51:35 PM Aug 04, 2023 200 https://zoom.us//v2/meetings/96698674294

I’m one of the Zoom administrators at a small college, I’m not a developer. I don’t know what this app does or how it got here or who created it or why. I don’t want to just delete it because don’t want users to be mad at me (though, that would at least have the virtue of telling me what it does).

I’ve looked in the deprecation guide JWT deprecation guide

And the Migration guide JWT app type migration guide among others.

So, is there any way of finding out what this app does and/or what will happen if I delete it? Is there a way to upgrade it to OAuth or whatever? (There’s no Validate button where there should be one). Is there a way to find out who in my College is using it? Any help would be appreciated.


You have a meeting ID, you can find out who scheduled it and talk to that person to find out how it was scheduled.

Hi @cthelen
Thanks for reaching out to us and welcome to our community!
If you have a meeting ID handy, I can help you look into that as @jakub.sochacki said.
That will give us at least an idea on who’s the meeting owner and we might be able to find out who is using the JWT app to generate those meetings.

Hi, Elisa, thanks for reaching out!
Here’s my sample:
Meeting ID 94378555478 “Facility Supervisor Interview - Carlos Salazar” created by rhh1@stmarys-ca.edu
I emailed the creator, and she said she created it via Google Calendar.

We did the Zoom integration with Google Calendar ages ago, possibly the January 5 2019 it says about the JWT app. So, maybe this connector needs to be re-done / re-created using modern protocols?

Note also that the email specifically called out our other app, Zoom Studio Cloud Recordings, which was just done a month or two ago according to the Canvas instructions. But, there are only a few log entries for that app. Is it possible that is the app causing trouble, even though it’s new?

I go to the App Marketplace App Marketplace and click the Manage button to see the two apps mentioned here, and their associated logs.

So, yeah, any help you could give would be welcome. Cheers!

Hi @cthelen
Thanks for sharing more details with me.
Do you happen to have a link to the Canvas instructions that were provided to you?
As well as the link to the Google calendar connector?
I just want to make sure that these 2 integrations are not requiring you the JWT app type credentials


Hi, Elisa, here are the Canvas instructions:
[How do I configure my institution's Zoom app to se... - Instructure Community]
I have since discovered that Zoom has its own instructions, but have not (yet) compared notes. Though, if you can determine that it’s the Canvas integration that’s causing the warning, then at least I’ll know what’s going to break!

As far as the Google Calendar… that was a long time ago, and I’ve no idea what the instructions were. I have looked through my old docs for any links or clues and come up empty. More likely than not they’ve changed several times since then…

At any rate, if the problem really is the Canvas integration, I could switch to using the Zoom instructions before the term starts in 2 1/2 weeks…

Thanks for sharing that link with me. It looks like the Canvas integration using OAuth app to make API calls, so this warning is not coming from Canvas, so that won’t break.

And I believe google calendar also uses OAuth so you should be good.

I will continue investigating this further and will keep you updated.

Thank you so much! I kinda hope this is a “false warning,” 'cause I’m scared to mess with my Zoom setup just 2 weeks before the beginning of the undergraduate Fall semester.
But, let me know whatever you find!

Hi @cthelen
I was able to identify the JWT app that is making API requests.
I just sent you a private message, could you please follow up there.

This topic was automatically closed after 30 days. New replies are no longer allowed.