I have a server-side application to access some Zoom APIs, which does not have any from-end UI. I am currently using JWT to authorize. I would like to switch to OAuth as it seems more secure compared to exposing my api_secret in JWT.
But OAuth requires a redirect URL, so it requires UI and user-interaction. Is there any way to get around this and do this completely automated through code?
Hey @pnarendra, thanks for posting and using Zoom!
There is, simply activate the OAuth install once. You can use any redirect url, like
After install, get the auth code in the query param of the URL, and use it to request an access_token.
Now you can completely automate the process. Save the
refresh_token, and implement logic that refreshes the
access_token, and then makes the respective requests.
Does that make sense?
If this is an internal app (only used by your Zoom account/users), it does not need to be published to the Zoom App Marketplace.
You can ignore those fields
If thats the case then how do you create the account-level credentials for OAuth
Thank you for the help
Simply create an Account Level OAuth app here, with Intent to Publish set to no.
That worked! thanks a lot for that!
Is there a way to increase the expiry time for the access token as 1 hr is too small a time period. I was wondering if there is a way to keep the access token for a day or two?