Unable to call API with SDK credentials

Hello!

We are developing a system using the Web Video SDK.

We have created a Video SDK app on our account, and are using the SDK Key and SDK Secret to create a JWT, server-side. We then pass the token to the client (browser), and use it to join a session. So far so good…

Our system also needs to call your API (server-side) to create/end meetings, get participants etc.

I have read the documentation (Using Zoom APIs), and it seems that JWT authentication is the most suitable for our use-case.

I have followed the JWT guide (https://marketplace.zoom.us/docs/guides/auth/jwt) to generate the token. The method is very similar to the token we are already using for the client to join a session.

However, when I attempt to to use the token to authenticate an API request, it fails with a 403 (Unauthorised) response “Invalid access token”.

The token was generated using the key and secret from the SDK app. In the “Activation” section of the app it says “Your app is allowed to invoke any Zoom APIs”, so I presume this should work.

However, in the documentation, it mentions needing to create a JWT app, in order to use JWT authentication. This would be fine, except that it doesn’t allow me to have more than one app on the account (as described in this post: Cannot create a new app)

I am unable to delete the Video SDK app, and deactivating it does not help. I could create a new account, but I shouldn’t need to choose between using an SDK or the API - both are required to build an effective solution.

Can you confirm whether the SDK Key and SDK Secret from a Video SDK app can be used to create a JWT to authenticate with your API ?

If not, can you propose an alternative solution?

Many thanks!
Ryan

Hi @RyanB,

Thanks for reaching out about this, and happy to help clarify.

First, I should note that if you’re using our Video Web SDK, this is completely separate from our Meetings product (such as our Client Web SDK, and our Meeting APIs) — The Video SDKs require a separate account type (a “Video SDK” account), and work based on “sessions” rather than meetings. It’s not possible to call our APIs using the credentials from your SDK app type under a Video SDK account.

If you wish to call our Meetings APIs, you will need to use a standard Zoom account and create a JWT app to generate credentials under that account.

Note that in order to use a combination of our APIs (for creating/managing meetings) and our SDK, you would need to leverage the Client Web SDK rather than the Video SDK.

I hope this helps to clarify, but let me know if you have questions about any of this!

Thanks,
Will

Hi @will.zoom,

Thanks for the explanation!

I didn’t realise there was no API for the Web Video SDK. I have worked with other platforms (such as Twilio), which typically provide an SDK and API that can be used together.

The documentation could also be a lot clearer. In your reply, you made the helpful distinction between the terms “meeting” and “session”, but the documentation for the Web Video SDK uses these terms interchangeably (See https://marketplace.zoom.us/docs/sdk/video/web/reference), with the word “meeting” appearing more frequently. If the documentation could be updated to use the correct terminology, that would really help avoid this confusion.

Lastly, on the activation section of the app, it says "Your app is allowed to invoke any Zoom APIs". I know this is may be a generic message, but it is a contradiction, if the app cannot invoke any API.

Thanks again,
Ryan

Hi @RyanB,

Thanks for the reply and the feedback—this is very valuable and I can certainly appreciate how this would be confusing. We will work with our team to improve the documentation to make these points clearer.

Don’t hesitate to let us know if you run into additional questions in the meantime!

Thanks,
Will

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.