OAuth2 with Zoom API on server side

I am working on a web application which uses Zoom API. The web application has UI and backend API server. I wonder if I can use OAuth2 when I try to call the Zoom API from my web server side. Or should I use JWT in this case.
I tried to use http client to call the following url, but its response mentioned “We’re sorry but oauth-login doesn’t work properly without JavaScript enabled”

I am trying to retrieve all of the IM sessions in a time range with the following Zoom API

The API is deprecated, but I don’t find alternate API that can be used to retrieve all of the IM sessions.
The above API is working only with OAuth2 token and JWT is not working with the error message:
“This API only supports oAuth2 for authorization.”

The server side OAuth2 authorize process has problem when working with UI.
The UI side refuses the above /oauth/authorize URL from the server (due to CORS ?)

Hey @szhang,

What is your use case for needing to call the deprecated IM Chat APIs?

To get users chat messages you can use the List Users Chat Messages API.


Thank you for the reply!
I need to retrieve all of the IM sessions and IM chat messages(in these sessions) within a time range for our company. Currently, I find /im/chat/sessions and /im/chat/sessions/{sessionId}.

I guess my case belongs to server to server application and JWT may be more suitable. However, the above Zoom API only supports OAuth2.

I have a “SuperUser” created and the application is delegated with the permission by OAuth2 authorization. We met the following two issues when using OAuth2 on the server side.

  1. The server side (ASP.NET Core) can’t call /oauth/Authorize silently (as a http client) because it requires “javascript enabled”. The current solution is UI side get the /oauth/Authorize from server side and initiate the request. The UI will pass the code to the server and server calls the /oauth/token to get the access token.
  2. We have another server client which is a service. We have similar problem when use the service with the server because the service doesn’t have browser.

So if there are Zoom API that support JWT can retrieve the IM sessions and IM chat messages, we may use JWT for our case and avoid the above issues. Our application also retrieves meetings and Webinars information (and recordings) and those Zoom APIs support JWT.

Thanks a lot!

Hey @szhang,

We do not have account level (JWT) Chat APIs yet.

You can use the User Level OAuth2 approach and authorize the app once, and then use the refresh token flow to keep a valid access token and make requests to get users chat messages.


Thank you for the reply!
Correct me if I am wrong. You refer to use the mentioned OAuth2 approach for /im/chat/sessions and /im/chat/sessions/{sessionId} to collect all IM chat data.

Yes, that is what we have done. However, as I mentioned, we met 2 issues when using OAuth2 on the server side.
The 1st issue we can resolve with UI. However, we can’t resolve the 2nd issue when there is another service to call the web application server. No UI in the 2nd case so we can’t pass the OAuth2 authorization because it requires the browser.

Thank you!

Hey @szhang,

Correct. Is there a way the user can authorize the app so you can get access?


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.