OAuth for server-to-server

Description
I have a server-side application to access some Zoom APIs, which does not have any from-end UI. I am currently using JWT to authorize. I would like to switch to OAuth as it seems more secure compared to exposing my api_secret in JWT.
But OAuth requires a redirect URL, so it requires UI and user-interaction. Is there any way to get around this and do this completely automated through code?

Hey @pnarendra, thanks for posting and using Zoom!

There is, simply activate the OAuth install once. You can use any redirect url, like https://zoom.us.

After install, get the auth code in the query param of the URL, and use it to request an access_token.

Now you can completely automate the process. Save the access_token and refresh_token, and implement logic that refreshes the access_token, and then makes the respective requests.

Does that make sense?

Thanks,
Tommy

It does. Thank you @tommy . Though I would like to ask details regarding creating the OAuth credentials. Since my application is not really an app, what information would be appropriate for for Privacy Policy URL, Terms of Use URL, etc.,

1 Like

Hey @pnarendra,

If this is an internal app (only used by your Zoom account/users), it does not need to be published to the Zoom App Marketplace.

You can ignore those fields :slight_smile:

Thanks,
Tommy

Hey @tommy,
If thats the case then how do you create the account-level credentials for OAuth

Thank you for the help

1 Like

Hey @pnarendra,

Simply create an Account Level OAuth app here, with Intent to Publish set to no.

Thanks,
Tommy

Hey @tommy,
That worked! thanks a lot for that!

Is there a way to increase the expiry time for the access token as 1 hr is too small a time period. I was wondering if there is a way to keep the access token for a day or two?

Hey @pnarendra, happy to hear that worked! :slight_smile:

No, the access_token only lasts for 1 hour, however, you could simply refresh the token each time you make a request.

That being said, the expiry setting is the benefit of using JWT, you can set it for any amount of time.

Thanks,
Tommy