We need to utilize UserManaged OAuth to create meeting/webinar on behalf of users via Zoom API…and so wondering when we create the Marketplace Zoom application to have users within our account provide permission to manage meetings, does their authorization stay with this application…and so when we utilize the Zoom API from our code, do we use the client ID/SECRET associated to the application from our code calling the ZoomAPI and if we need to create on behalf of user who has provided permission then does it work because the application has the users permission?
no worries about initial question about using user OAuth token rather than client ID/SECRET of the marketplace application…as it seems that it is required to use the user OAuth token provided once user provides acceptance to the authorization request…and so wondering how long-lived is the access/refresh token? do we need to request the user to provide approval to the authorization request?
Hey @sabraha5,
The access_token lasts for 1 hour, and the refresh token lasts for 15 years. Checkout our guide here:
Thanks,
Tommy
thank you @tommy for the response! i was wondering does the authorization code provided have a lifetime or just a one-time use and no expiration?
Hey @sabraha5,
The authorization code in the redirect url query param should only be used once, right away to get an access and refresh token. 
Than you store and refresh the access and refresh tokens.
Thanks,
Tommy