To securely handle host and participant

I am switching from twilio to zoom for meeting integration in my react app.

I statically created zoom app with video SDK in react.

I want to implement functionality below.

1). There is one host and other all are the participant.
so basically i provide role to 1 for the host and 0 for the participant.

now i want to make role implementation dynamically.

I tried to generate unique link with role type like https://test.com?role=1
but this is venerable and if user changes the url query then the user has privileges to join as a host and participant.

My previous meeting app is with twilio. In twilio the participant and host is managed by twillio itself. but in Zoom video SDK i am getting similar solution for manage role of the user.

So can you describe how actually role works with dynamic environment or zoom have any functionality for that which will maintain the meeting states

There is one page with zoom client init so whenever user hits the url the client is created and i am unable to know that whose the participant and whose the host.

With Zoom Video SDK you have complete control over who can request a token. Since the token generation happens in your backend service, you can accept a role attribute.
When a user requests a JWT, you can authenticate their request based on your business logic. If you have some form of user authentication then you can check their email to see if they are allowed to get a host token for the meeting session or not.