We heard that JWT app-types will be deprecated so we’re trying to update our authentication for Zoom API/Webhook and Web SDK (from JWT to SDK authentication). The API/Webhook works fine but the Web SDK has an error.
We’re getting an “Invalid Signature” error in the Web SDK after updating. I’ve double-checked everything and we seem to be doing everything correctly.
Here’s the flow:
- Backend server creates a meeting via Zoom API using Server-to-Server app-type credentials. (this is working)
- Using the meeting ID generated, backend generates a signature using Zoom SDK app-type credentials. We followed the documentation very carefully, and even validated the generated signature using https://jwt.io/. The signature is correct.
- We send the meeting ID, meeting password, the SDK key, and signature to the frontend that is using Zoom Web SDK to initiate the Zoom Client to join the meeting.
- Zoom client will load but will return an error prompt saying “Invalid Signature”.
Here’s the exact error message that Zoom Web SDK is showing:
{method: “join”, status: false, result: “Invalid signature.”, errorMessage: undefined, errorCode: 3712}
I’ve looked at the forum to see if they have the same problem. I found this thread: https://devforum.zoom.us/t/invalid-signature-using-web-sdk/46614
The Zoom staff in that thread says that the Web SDK should not use SDK app-type credentials and should just JWT credentials. Is this still the case? I thought JWT will be deprecated by next year?