I’m new to the land of Zoom API and I’m confused with JWT vs OAuth for an API.
Question #1: Am I understanding it correctly that you can only have one JWT public/private/token per Zoom customer site (company A, lets say)? …and this JWT’s public/secret key information is shared across all APIs and any JWT app has access to ALL JWT API apps on the site? This seems dangerous to me in that any of these JWT users could potentially re-generate keys? Please comfort me with insightful wisdom here.
Question #2: OAuth seems a bit more secure than JWT in that an OAuth app gets its own dedicated public/private keys? And if OAuth uses ‘scopes’, does this limit the use of OAuth where JWT has more access beyond available OAuth scopes?
Question #3: With Zoom API builds, I’m sensing that OAuth is the most secure approach and not use JWT. Are their limitations by restricting to OAuth? Are their API build scenarios that ABSOLUTELY requires the use of JWT?
Waiting with great anticipation to obtain wisdom from you awesome developer humanoids.