when an user provide authorization to Marketplace application and Zoom sends code as querystring to RedirectURLforOAuth…how long is that code valid to utilize with Zoom application client ID/SECRET to generate access/refresh token? thanks…
Hi @sabraha5, an authorization code is unique to each authorization and should be used immediately to retrieve an access token. I’d store/cache the refresh token to get a new access token rather than the authorization code.
hey @michael.zoom…thank you for the response…we are working through the process of handling the RedirectURLforOAuth request and determining whether we needed to generate the access/refresh token immediately…but there isn’t a defined lifetime for the authorization code but best practice to utilize immediately to retrieve access/refresh token and keep those secure…appreciate your feedback/guidance!
Hey @sabraha5,
The correct flow is to get the access / refresh tokens immediately upon redirect. 
Thanks,
Tommy
1 Like