We are developing a system using the Web Video SDK.
We have created a Video SDK app on our account, and are using the SDK Key and SDK Secret to create a JWT, server-side. We then pass the token to the client (browser), and use it to join a session. So far so good…
Our system also needs to call your API (server-side) to create/end meetings, get participants etc.
I have read the documentation (Using Zoom APIs), and it seems that JWT authentication is the most suitable for our use-case.
I have followed the JWT guide (https://marketplace.zoom.us/docs/guides/auth/jwt) to generate the token. The method is very similar to the token we are already using for the client to join a session.
However, when I attempt to to use the token to authenticate an API request, it fails with a 403 (Unauthorised) response “Invalid access token”.
The token was generated using the key and secret from the SDK app. In the “Activation” section of the app it says “Your app is allowed to invoke any Zoom APIs”, so I presume this should work.
However, in the documentation, it mentions needing to create a JWT app, in order to use JWT authentication. This would be fine, except that it doesn’t allow me to have more than one app on the account (as described in this post: Cannot create a new app)
I am unable to delete the Video SDK app, and deactivating it does not help. I could create a new account, but I shouldn’t need to choose between using an SDK or the API - both are required to build an effective solution.
Can you confirm whether the SDK Key and SDK Secret from a Video SDK app can be used to create a JWT to authenticate with your API ?
If not, can you propose an alternative solution?