Server-to-server OAuth, Rest API, Update SDK to remove JWT

Meeting SDK
1

I have been running a php web site using Rest API with JWT for 2 years.
I’m using curl php functions to call Rest APIs.
I added a server-to-server oauth to remove JWT, and it’s working well.
I am still using same Rest API to create a meeting room and check the number of participants in the room.

But when I look at the JWT’s call logs, it says that I am still using JWT.
And Meeting SDK has an update button appears in Manage list page.

Question 1: If I update the Meeting SDK, do I need to do anything else?
Question 2: Before updating the Meeting SDK, Can I create another Meeting SDK and test it. Is it possible?
because, when I tried to make another meeting sdk, it said user level instead of account level I currently have.

I guess I don’t have much time left to solve this issue, but I’m careful because there are many users are using.

2

Hi @jihpa91 ,

my responses are inline

Question 1: If I update the Meeting SDK, do I need to do anything else?

The update for Meeting SDK here is to update it from JWT to OAuth.
Only if you are using JWT credentials from the older Meeting SDK, then you will need to do something here. Please do not confuse this with the standalone JWT App Type

It seems from your post, you have another standalone JWT App Type which has been successfully migrated over to Server to Server OAuth.

Question 2: Before updating the Meeting SDK, Can I create another Meeting SDK and test it. Is it possible?
because, when I tried to make another meeting sdk, it said user level instead of account level I currently have.

You can just update Meeting SDK. The updating itself should not break anything for production users.
Newly created Meeting SDK only supports OAuth, hence it is user level.

3

Thank you for reply.
I just want to fully understand, before I do something.

  1. Does user level Meeting SDKs support Server-to-server OAuth to have token?
  2. If not, can I have multiple Account level Meeting SDKs?
4

@jihpa91

  1. Does user level Meeting SDKs support Server-to-server OAuth to have token?

No, the OAuth found in Meeting SDK is user level.
If you need account level access, you will need to create a standalone Server-to-Server Oauth app type

  1. If not, can I have multiple Account level Meeting SDKs?

There is no multiple account level OAuth in Meeting SDK.

5

Let me provide little more details. I have these Apps.

image

And this is the php code to create meeting room.
I changed from $jwt_key_from_JWT_app to $token_from_server_to_server_oauth.
It’s working, but still make JWT call logs.

curl_setopt($ch, CURLOPT_URL, "https://api.zoom.us/v2/users/$zoom_account_id/meetings");
$header = array(
    "authorization: Bearer " . $token_from_server_to_server_oauth,
    'Content-Type: application/json'
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$fields_setting = array(
    'host_video' => 'true',
    'participant_video' => 'true',
    'join_before_host' => 'true',
    'use_pmi' => 'false',
    'approval_type' => '2',
    'auto_recording' => 'cloud'
);
$fields = array(
    'topic' => 'Class ' . $sdate,
    'type' => '2',
    'start_time' => $start_time,
    'duration' => '60',
    'timezone' => 'xxxxxx',
    'password' => 'xxxxxx',
    'settings' => $fields_setting
);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($fields));
$result = curl_exec($ch);

image

Do you think the update of SDK is good enough to avoid to make JWT call logs?

6

@jihpa91 ,

The updating of SDK will not stop JWT call logs at the moment.
If you are still using it, it will only stop on 1st Sep.

Here’s another way you can tell if your applications are making API calls.

Goto App Marketplace
you should be able to see something similar to this (screenshot below)

image
image1909×999 114 KB

Do you see APIs calls under your JWT App Type?
This is under the metrics column (screenshot below)
image

If you do see something, click on actions (screenshot below) and click on “view call logs”
image

7

I didn’t know about “Apps on Account” page.
This page shows “Call logs” clearly from JWT and Server-to-server OAuth both.
JWT’s call logs stopped and OAuth’s call logs show currently calling.
I guess I don’t have to worry anymore about deprecated JWT calls.
Thank you so much.

1 Like