Using OAuth for account-level server-to-server communications

Hello. I’m a new Zoom API user and I’m trying to set up OAuth for server-to-server communications to use the API to do some relatively simple things (at first) like getting a report of inactive hosts for our account and then deleting them. This is all automated system-to-system stuff (no actual physical user, no return_uri, etc.) that might run, say, once a month.

I have created the account-level OAuth application with a return_uri of (this was suggested in a similar topic).

My first attempt was to simply try to request an access token like this (with my base64 encoded client_id:client_secret using Basic Authorization in the header):

curl -X POST '' -H 'Authorization: Basic <base 64 encoded credentials here>'

But I gather that is not valid since it needs a code?
{"reason":"Internal Error","error":"invalid_request"}

So, I tried to get one of those via the user auth request like this:
curl -X POST '<client id goes here>'

But curl doesn’t return anything. In Postman, I get some HTML mentioning that javascript should be turned on.

So, clearly I’m doing something wrong and there is a gap in my understanding. The docs appear to lean heavily towards using OAuth for manual user-authenticated flows. But I’m looking to automate the whole process.

Hey @pkwade,

Thanks for reaching out about this, and happy to help.

As a first step, I should note that if you’re building a server to server integration, and this is just for your own Zoom account, I might actually recommend authenticating via JWT credentials instead, as this is intended for this exact kind of use case.

The first step is to create a JWT App:

You can then generate a JWT token from within the app directly, or programmatically:

You can authenticate your requests with this bearer token, and you don’t need to use the OAuth flow at all.

Let me know if this might be more helpful!
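Generating the token programmatically, as the reply suggests, shown here as an added example that is not part of the original thread and is not Zoom's own code. It assumes the JWT app issues an API key and API secret, that the token is HS256-signed with the secret, and that it carries the key in `iss` plus an `exp` claim; the function names and sample credentials are hypothetical.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    # JWTs use URL-safe base64 without '=' padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, api_secret: str) -> bytes:
    return hmac.new(api_secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_jwt(api_key, api_secret, ttl_seconds=60, now=None):
    """Build a short-lived HS256 token (assumed claim layout: iss + exp)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": api_key, "exp": now + ttl_seconds}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    return signing_input + "." + _b64url(_sign(signing_input, api_secret))

def verify_jwt(token, api_secret, now=None):
    """Local sanity check before the token is sent anywhere; returns the claims."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        payload = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm instead of trusting whatever the header claims
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = _sign(head_b64 + "." + body_b64, api_secret)
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise ValueError("bad signature")
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    return payload

if __name__ == "__main__":
    # Constructed sample credentials; real ones belong in a secret store,
    # never in source control or in the scheduled job's command line.
    token = make_jwt("SAMPLE_API_KEY", "SAMPLE_API_SECRET", ttl_seconds=60)
    print("Authorization: Bearer " + token)
```

For a job that runs once a month, minting a fresh token with a short `ttl_seconds` on each run keeps a leaked token from staying useful for long.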