OAUTH and JWT connectors on the same Zoom account without affecting security

The Zoom Web SDK (https://marketplace.zoom.us/docs/sdk/native-sdks/web) indicates as a prerequisite that a JWT app must be created on a developer account to be able to connect the web sdk plugin with the Zoom server, but on the other hand it is indicated that it is not advisable to use JWT-based authentication in production environments.

We have an application that uses OAUTH-based authentication for all user level invocations to the api, such as creating a meeting for a host. In addition, our application uses the sdk-web to embed the Zoom videoconference plugin within our Frontend. Both premises make us have to create two types of connectors in our Zoom account, the OAuth and the JWT. But it is recommended not to use JWT connectors in production environments, only in development accounts.

Our question is whether we can have both OAUTH and JWT connectors on the same Zoom account without affecting security.


Hi @rgcarcedozoom,

Thanks for reaching out about this. To clarify, OAuth and JWT apps can both exist under your account, and would operate independently of each other.

The reason OAuth is advised for production level code is because it’s more secure and requires end user authorization, while JWT authorization can be used with a server-to-server level of authorization by just a token (API key and secret combination).

Note that our Web SDK does not currently support OAuth (just JWT at the moment), but this is on our roadmap.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.