We heard that JWT app-types will be deprecated so we’re trying to update our authentication for Zoom API/Webhook and Web SDK (from JWT to SDK authentication). The API/Webhook works fine but the Web SDK has an error.

We’re getting an “Invalid Signature” error in the Web SDK after updating. I’ve double-checked everything and we seem to be doing everything correctly.

Here’s the flow:

1. Backend server creates a meeting via Zoom API using Server-to-Server app-type credentials. (this is working)
2. Using the meeting ID generated, backend generates a signature using Zoom SDK app-type credentials. We followed the documentation very carefully, and even validated the generated signature using https://jwt.io/. The signature is correct.
3. We send the meeting ID, meeting password, the SDK key, and signature to the frontend that is using Zoom Web SDK to initiate the Zoom Client to join the meeting.
4. Zoom client will load but will return an error prompt saying “Invalid Signature”.

Here’s the exact error message that Zoom Web SDK is showing:
{method: “join”, status: false, result: “Invalid signature.”, errorMessage: undefined, errorCode: 3712}

I’ve looked at the forum to see if they have the same problem. I found this thread: https://devforum.zoom.us/t/invalid-signature-using-web-sdk/46614

The Zoom staff in that thread says that the Web SDK should not use SDK app-type credentials and should just JWT credentials. Is this still the case? I thought JWT will be deprecated by next year?