JWT Token Restrictions

agffior · September 16, 2021, 5:04pm

Description
We are currently using JWT tokens to pull data from the Zoom API. However, we found out that we can perform all HTTP operations using the JWT token (POST, PATCH, DELETE). For security reasons, we just want to restrict the operations to GET.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Which Endpoint/s?
Sample Endpoint: https://api.zoom.us/v2/metrics/meetings?from=2021-07-01&page_size=10&type=past

How To Reproduce (If applicable)
Steps to reproduce the behavior:

Call Endpoint using PATCH or DELETE
Can make changes to data (which we don’t want)

MaxM · September 17, 2021, 11:43pm

Hey @agffior,

Thank you for reaching out to the Zoom Developer Forum. Currently, we don’t have a method to restrict the scope of access when using a JWT App.

When using an OAuth App, you can select scopes that only allow reading of data, instead of writing, and this would effectively disable POST, PATCH, DELETE requests when using that app.

Let me know if that helps.

Thanks,
Max

Topic		Replies	Views
JWT application App Marketplace	9	1841	August 10, 2020
API endpoints with JWT API and Webhooks	2	437	August 21, 2020
Zoom jwt token not working today. It was working before API and Webhooks	2	597	September 24, 2020
How to choose JWT or OAuth authentication for Zoom Meetings integration to My Website? API and Webhooks	10	3750	August 21, 2020
Unable to access one zoom API end point API and Webhooks	5	953	May 22, 2021

JWT Token Restrictions

Related topics