Server-to-Server Integration vs OAuth


We have an integration with Zoom where we allow people to connect their account so that they can create conferences with various options and get a link to those conferences.
We also use the API so that when a conference finishes, we get access to its recordings and process that data on the server, without user interaction.

Currently we’re using the Server-to-Server integration and it works wonders.

However, our application targets all sorts of users and doing the Server-to-Server integration is not easy for all of them, even if we provide proper instructions on where to go on Zoom and what to do.

So we were thinking the OAuth integration is much simpler, but the problem is, once we obtain a token with OAuth, it is valid for one or two hours for Zoom (I am not sure), then it has to be renewed, which means if we were to use this for our server processing it would be a nightmare to manage since we need to handle token lifetimes and renewals, always. And when we have a high number of users, this simply doesn’t look like a viable option, thus sticking with the Server-to-Server integration makes most sense.

Am I missing anything here?

Hi @twisted1919 ,

Is your integration available for users outside of your Zoom Account? If yes, then you need to build a user-authorized OAuth app and publish it in our marketplace.

You can find the guidelines here:

We follow OAuth standards so our tokens have an expiry time of 1 hour. But every token comes with a refresh token, so instead of having the user request a new token every hour, you can instead use the refresh token logic to refresh the token:

Let me know if this helps.

Thank you for your answer.
Can you please tell me how long the refresh token is valid?

Sorry, I asked too soon, I found it expires in 15 years.
I think we’re okay for now, let me check everything and if anything, I’ll get back to you.
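
The refresh-token logic discussed in this thread, as an added example that is not part of the original posts and not Zoom's code: a per-user store that refreshes lazily just before the 1-hour expiry and persists any new refresh token the response returns. `TokenStore`, `FakeTokenEndpoint` and the token strings are hypothetical names and constructed values; the real HTTP call to the token endpoint is replaced by an in-memory stand-in so the block runs offline.

```python
import time

class TokenStore:
    """Per-user token cache; refreshes lazily when a token is near expiry."""
    def __init__(self, refresh_call, skew=60, clock=time.time):
        self._refresh_call = refresh_call  # performs the refresh_token grant
        self._skew = skew                  # refresh this many seconds early
        self._clock = clock
        self._tokens = {}                  # in production: encrypted storage

    def save(self, user_id, access, refresh, expires_in):
        self._tokens[user_id] = (access, refresh, self._clock() + expires_in)

    def access_token(self, user_id):
        access, refresh, expires_at = self._tokens[user_id]
        if self._clock() < expires_at - self._skew:
            return access                  # still valid, no network call
        resp = self._refresh_call(refresh)
        # The response may carry a new refresh token (RFC 6749, section 6);
        # persist it, or the next refresh would present a stale one.
        self.save(user_id, resp["access_token"],
                  resp.get("refresh_token", refresh), resp["expires_in"])
        return resp["access_token"]

class FakeTokenEndpoint:
    """Constructed stand-in for the token endpoint; rotates refresh tokens."""
    def __init__(self, first_refresh):
        self.valid, self.calls = first_refresh, 0

    def __call__(self, refresh):
        if refresh != self.valid:
            raise PermissionError("invalid_grant")
        self.calls += 1
        self.valid = f"rt-{self.calls}"
        return {"access_token": f"at-{self.calls}",
                "refresh_token": self.valid, "expires_in": 3600}

def demo():
    now = [0.0]                            # fake clock, seconds
    endpoint = FakeTokenEndpoint("rt-0")
    store = TokenStore(endpoint, clock=lambda: now[0])
    store.save("user-1", "at-0", "rt-0", 3600)
    seen = [store.access_token("user-1")]  # fresh token, no refresh
    for t in (3590, 7190):                 # each time at or near expiry
        now[0] = t
        seen.append(store.access_token("user-1"))
    return seen, endpoint.calls

if __name__ == "__main__":
    print(demo())
```

With this shape, server-side jobs only ever call `access_token(user_id)`; a refresh happens once per user per hour at most, and only for users whose tokens are actually used.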