We are currently using JWT tokens to pull data from the Zoom API. However, we found out that we can perform all HTTP operations using the JWT token (POST, PATCH, DELETE). For security reasons, we just want to restrict the operations to GET.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
Sample Endpoint: https://api.zoom.us/v2/metrics/meetings?from=2021-07-01&page_size=10&type=past
How To Reproduce (If applicable)
Steps to reproduce the behavior:
- Call Endpoint using PATCH or DELETE
- Can make changes to data (which we don’t want)