PHP & JWT - Basic instructions

I’m an experienced PHP developer but have only a little work with RESET API’s and none with JWT. For the life of me, I cannot figure out to get the JWT token without having to manually create it using the marketplace UI.

I’ve read numerous posts on this site, to no avail.

Hi @laurinkeithdavis, have you tried using one of the recommended libraries on JWT.io?

We also have sample PHP code on our JWT docs, are you able to add this token generation to your requests?

Yes, tried https://github.com/firebase/php-jwt, but there things in the Zoom API documentation that do not match up. For example:

iss , the issuer of the token, is your API Key.

exp is the expiration timestamp of the token in seconds since Epoch (unix epoch time).

{
  "iss": "API_KEY",
  "exp": 1496091964000
}

However, in the firebase/php-jwt docs:

$payload = array(
“iss” => “http://example.org”,
“aud” => “http://example.com”,
“iat” => 1356999524,
“nbf” => 1357000000
);

Why does the Zoom API documentation state “iss” is “API_KEY” and not a URL? I’ve tried using various examples, but I can’t get it to work.

Every REST API that uses a JWT may have their own structure for the payload. What is given by the library is just an example of a common format. Zoom tells you what format it needs, so just use that format, regardless of if the issuer parameter being used for the API key vs a URL.

I’ve not tested this exact example myself, but it should go something like:

/* Based on the firebase/php-jwt docs with Zoom's specifications */
use \Firebase\JWT\JWT;

$key = "my api secret here";
$payload = array(
    "iss" => "my api token here",
    "exp" => time()+36000, // expire in 10 hours
);

$jwt = JWT::encode($payload, $key, 'HS256'); // use the secret to sign the payload with a specific hashing algorithim

print_r($jwt); // This is your JWT token. Paste it into https://jwt.io for verification that it is valid. 

/* Now we can talk to Zoom directly using Zoom's PHP example */

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://api.zoom.us/v2/users?status=active&page_size=30&page_number=1", //This is the Zoom API endpoint you'd hit to get a list of active users. 
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => array(
    "authorization: Bearer {$jwt}", // You provide your JWT token in the Authorization header. 
    "content-type: application/json"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Alternatively, if you do not want to use the firebase/php-jwt library, you can generate the token yourself. There’s an example from another user here that works with minimal modification: JWT token creation

2 Likes

Thanks for sharing this @samly!! Hope this helps @laurinkeithdavis!

Yes, that works, thanks!

Well, thanks for the help everyone, but could have saved myself a lot of time if I had realized that the API endpoint I wanted to use was for Business plans only (I have a Pro - this is not for a business, but for personal use).

Hi @laurinkeithdavis, which API are you using? All APIs are available to all users, but the feature will have to be available to your account. For example, if you don’t have Cloud Recording enabled for the user, there will be no data to access via Cloud Recording APIs.

I wish there was a way to get the business options without having to buy 10 licenses.

Hi @laurinkeithdavis, I understand the benefit and the blockage that plans require. Could you share this feedback to our product team?

1 Like