Server-to-Server Integration vs OAuth

twisted1919 · March 20, 2023, 2:13pm

Hello,

We have a integration with Zoom where we allow people to connect their account so that they can create conferences with various options and get a link to those conferences.
We also use the API so that when a conference finishes, we get access to its recordings and process that data on the server, without user interaction.

Currently we’re using the Server-to-Server integration and it works wonders.

However, our application targets all sorts of users and doing the Server-to-Server integration is not easy for all of them, even if we provide proper instructions on where to go on Zoom and what to do.

So we were thinking the OAuth integration is much simpler, but the problem is, once we obtain a token with OAuth, it is valid for one or two hours for Zoom (I am not sure), then it has to be renewed, which means if we were to use this for our server processing it would be a nightmare to manage since we need to handle tokens lifetime and renewals, always. And when we have a high number of users, this simply doesn’t look like a viable option, thus sticking with the Server-to-Server integration makes most sense.

Am I missing anything here?

ojus.zoom · March 20, 2023, 5:12pm

Hi @twisted1919 ,

is your integration available for users outside of your Zoom Account? If yes, then you need to build a user authorized OAuth app and publish it in our marketplace.

You can find the guidelines here: https://marketplace.zoom.us/docs/guides/publishing/app-submission/

We follow OAuth standards so our tokens have an expiry time of 1 hour. But every token comes with a refresh token, so instead of having the user request a new token every hour, you can instead use the refresh token logic to refresh the token: https://marketplace.zoom.us/docs/guides/auth/oauth/#refreshing-an-access-token

Let me know if this helps.

twisted1919 · March 20, 2023, 5:21pm

Thank you for your answer.
Can you please tell me how long the refresh token is valid?

twisted1919 · March 20, 2023, 5:22pm

Sorry, I asked too soon, I found it expires in 15 years.
I think we’re okay for now, let me check everything and if anything, I’ll get back to you.

system · March 23, 2024, 8:58am

This topic was automatically closed 368 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to properly use the access token? API and Webhooks	5	1589	October 25, 2023
OAuth for server-to-server API and Webhooks	18	2710	August 21, 2020
Server to Server OAuth tokens and concurrent usage (e.g. web apps) API and Webhooks server-to-server	7	1216	December 6, 2023
Server to Server OAuth Access Token API and Webhooks	6	1372	July 19, 2023
SSO for Zoom API API and Webhooks	4	674	September 14, 2020

Server-to-Server Integration vs OAuth

Related Topics