Proper Auth type for a SaaS platform that creates meetings for third party customers

We are currently integrated with Zoom API and webhooks using JWT but we read that it will be deprecated by June 2023, so we are trying to decide what would be the best way to move forward.

Our web based application currently creates meetings for our sales reps (all these zoom accounts are child accounts of our master account). We are making our web application public now, allowing other companies to link their master account to our service and was wondering what would be the best way to authenticate at Zoom’s API, given that our application will be the one creating meetings, catching events, etc.

Thanks in advance for any inputs on this.

Hi @jonshugart ,

For creating meetings for child accounts of your master account, Server-to-Server OAuth App should be sufficient.

For other companies, an Account-Level OAuth App with the appropriate OAuth scopes will allow you to do this.

All the best,
Gianni

Hi Gianni,

Thanks for your reply.

How would an Account-Level OAuth App be different from just creating a Server-to-Server OAuth App and requesting our customers to send us their account id, client id and client secret? This last scenario would be ideal to us

We just need them to give us their credentials in order for us to create meetings for them. Would Account-Level OAuth App require them to login into zoom and grant permissions to our App?

@jonshugart sharing account credentials with people outside of one’s account is not supported Zoom security practice so I cannot recommend the ideal scenario you outlined.

Yes they would install the app and give permission to access their account by way of the app.