[Security Update] No token values in URL query parameters

We also just noticed this accidentally in an email digest and are trying to evaluate the amount of work we need to do urgently. I wouldn't be surprised if many people are still unaware of this upcoming breaking change.

JWT is not affected. This only applies to the Zoom API endpoints, basically all of the endpoints that are on this page – Introduction to Zoom API

@shariq.torres could you clarify if this endpoint is also affected?

https://{{base-domain}}/rec/download/{{path-to-file-download}}?access_token={{JWT-token}}

1 Like

@eugenem,

Yes, it is my understanding that endpoint would be affected as the access token is being set in the query parameter.

@Alyssa,

For any API request in which you are setting the access token, refresh token, or revoke token in the URL query parameters, you should update those API calls to set the token values in the Authorization header and NOT the HTTP query parameters.

Most definitely this endpoint is affected. All of the endpoints here will need to send the access token in request headers. There are a couple of endpoints for the Meeting, Phone, and Chat APIs that deal with downloading recordings/transcripts. Even for those endpoints that explicitly call out the access token as a query parameter, you will still need to make sure that the access token is in the request headers.

1 Like
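As an added example (not code from this thread or from Zoom's SDKs), a small Python helper that detects a token still being sent in the query string of a request such as the recording download URL above and moves it into the Authorization header. The host, path and token values are constructed placeholders.

```python
# Added example (not from this thread or from Zoom's SDKs): detect a token that
# a client is still sending in the URL query string and move it into the
# Authorization header, which is what the change above requires.
import urllib.request
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query keys the thread names as affected (constructed list for this example).
TOKEN_PARAMS = ("access_token", "refresh_token", "token")


def tokens_in_query(url):
    """Detection check: return {param: value} for every token-bearing query key."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return {k: v for k, v in pairs if k in TOKEN_PARAMS}


def move_token_to_header(url, headers=None):
    """Return (clean_url, headers): token params are stripped from the URL and
    the access token is placed in an 'Authorization: Bearer ...' header.
    Raises ValueError for refresh tokens, which this helper does not migrate."""
    parts = urlsplit(url)
    found = tokens_in_query(url)
    if "refresh_token" in found:
        raise ValueError("refresh_token in URL: migrate that call separately")
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in TOKEN_PARAMS]
    headers = dict(headers or {})
    token = found.get("access_token") or found.get("token")
    if token:
        headers["Authorization"] = "Bearer " + token
    clean = urlunsplit((parts.scheme, parts.netloc, parts.path,
                        urlencode(kept), parts.fragment))
    return clean, headers


def build_request(url, headers=None):
    """Build a urllib Request whose URL carries no token (nothing is sent here)."""
    clean, hdrs = move_token_to_header(url, headers)
    return urllib.request.Request(clean, headers=hdrs)


if __name__ == "__main__":
    # Constructed sample in the shape of the recording download URL from the thread.
    sample = ("https://example.zoom.us/rec/download/PATH-PLACEHOLDER"
              "?access_token=TOKEN-PLACEHOLDER")
    print("token leaking in query:", tokens_in_query(sample))
    req = build_request(sample)
    print(req.full_url, "->", req.get_header("Authorization"))
```

Running `tokens_in_query` over the URLs your integration builds is a quick way to find every call that still needs updating before enforcement begins.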

Hope this will help someone.
I followed this link to use the new authorisation header to generate a ZAK for starting a meeting.

The announcement you linked to says a date to be determined and that the changes are not required and will not affect production. If this page is to be trusted for announcements on breaking production changes, it needs to be clearly updated for us to be able to act on it.

Updated: February 23, 2022

As part of our continued efforts to improve security for Zoom OAuth App Types using Authorization Flow, we released three new security features. These features go into effect on May 16, 2021. They are recommended, but not required, and will not affect your existing OAuth apps in production.

At a date to be determined, we will make these features mandatory. We will notify you in advance of this date.

This will break and impact Zoom users using our app in production, and the notice period from this forum post is too short. We will need more time to make sure this does not disrupt and disappoint our Zoom customers.

1 Like

@shariq.torres It does not make sense to make such a huge change without a proper announcement. The document you shared clearly says that "the changes are not required and will not affect production."
I am kindly asking you to figure this out and give some extra time to avoid potential chaos.

@shariq.torres what is the latest update? Will the changes still go into effect on November 19th? I know you claim that notices were sent out in the spring, however, it is obvious that your message was not clearly received. Can this breaking change be pushed out until the end of the year to give developers more time to update their integrations?

Looking forward to your update.

4 Likes

@shariq.torres unfortunately this change will break a key feature in our app. We are currently using “video download URL + token” as a media source on the client. We’re investigating an alternative approach that involves JavaScript and results in CORS errors. We’ll need more time to get this implemented.

Any updates on whether you can extend the timeline to give developers more time?

2 Likes

I want to keep this bumped. This is a high priority issue for our company which will impact Zoom users in production. We need an answer ASAP.

1 Like

I guess that no answer is an answer! :no_mouth:

We are looking at some options right now. I thought I would have an answer by now, but the stakeholders are still working through some things. I hope to know more by the end of the day.

2 Likes

When you get a sec, would you mind clarifying what notifications or email list we have to sign up for to be notified of breaking changes like this? This is the second time we’ve been caught off guard by a potentially breaking change because none of my crew has received notifications. Is there an email list we need to sign up for? A particular category or tag we should follow here in Zoom dev? All of the support pages I can find with announcements and change logs mix minor issues in with major, so it’s impossible to understand when something critical like this is coming up.

5 Likes

@shariq.torres Hi Shariq! I was wondering if you have any updates?

2 Likes

I need an update to this today to be able to make a business decision that won’t disrupt paying Zoom users.

We are going to delay enforcing this until Feb 2023. We apologize for the late communications on this.

5 Likes

Thank you @shariq.torres for the help there.

Hi Shariq,

So, no update tomorrow? As others have said, is there an email service or forum we can follow to get more advance notice of major changes?