We’re developing automated scripts for recording management using Zoom’s Server-to-Server API integration. However, we’ve encountered a concern:
Currently, API credentials generated from the Marketplace associate all API actions with the creator’s personal account. For instance, when downloading a recording via API, it’s logged as a download by that individual user.
While we appreciate the need for action tracking, we’d prefer these operations to be associated with a dedicated service account for our application, rather than the API creator’s account.
Is it possible to generate Server-to-Server API credentials linked to a service account? If so, could you please provide guidance on how to implement this?
We look forward to your insights on this matter.
Transfer the ownership of the Server-to-Server application to the service user that you want to use. You can do this from the Created Apps page by finding the table row for your application, selecting the ellipsis, then pick Transfer App Owner.
Server-to-Server applications impersonate the owner user. That’s why the owner user needs to have the same permissions as the application’s scopes.
Thanks, that’s a good idea. However, I don’t agree with the sentence “That’s why the owner user needs to have the same permissions as the application’s scopes.”.
As per my experience with S2S applications, the owner just needs the permission to add-edit the integration, and the permissions need to be set in the scopes page. In fact, if a full Zoom account admin is an owner of an app with wrong permissions that app gets this error from a not allowed API:
"message": "Invalid access token, does not contain scopes:[...]."
You need both user permissions and the application scopes. We used to have a least-privilege setup where the application owner had no permissions, and we’d temporarily transfer ownership of the application to a privileged user that would grant the desired scopes, then transfer ownership back to the no-permissions user. Zoom put a stop to that where the no-longer-eligible scopes now get dropped when ownership is transferred.
Looking for the same. Any Suggestions?