Hello,
We need clarification on the March 2, 2026 Meeting SDK authorization changes.
Our Setup:
-
Web application with embedded Meeting SDK (Web v3.11.2)
-
General App (Meeting SDK) for signatures + Server-to-Server OAuth app for ZAK tokens
-
Users click “Join Meeting” button and join anonymously without Zoom accounts
-
Currently working fine with just the JWT signature for all participants
Our Use Case:
-
80% of meetings: Hosted within our Zoom account
-
20% of meetings: Hosted by external clients using their own Zoom accounts
-
Hosts: Staff who manage meetings (need host privileges)
-
Attendees: Regular users joining as guests (no Zoom accounts)
The Problem:
When we implemented ZAK tokens for the March 2026 requirement, passing the host’s ZAK to attendees gave them host privileges and bypassed the waiting room.
We now pass ZAK only to hosts. But for external meetings, the FAQ says “JWT + OBF token” is required.
Our Question:
For real human guests (non-login users without Zoom accounts) joining meetings hosted outside our app’s Zoom account - what token should they use?
-
ZAK requires each user to have a Zoom account with OAuth authorization
-
OBF is for “automated participants like recording apps”, not real people
What is the correct approach for anonymous guest participants joining external meetings after March 2, 2026?
Thank you!