Using OAuth for account-level server-to-server communications

Hello. I’m a new Zoom API user and I’m trying to set up OAuth for server-to-server communications to use the API to do some relatively simple things (at first) like getting a report of inactive hosts for our account and then deleting them. This is all automated system-to-system stuff (no actual physical user, no return_uri, etc.) that might run, say, once a month.

I have created the account-level OAuth application with a return_uri of https://zoom.us (this was suggested in a similar topic).

My first attempt was to to simply try to request an access token like this (with my base64 encoded client_id:client_secret using Basic Authorization in the header):

curl -X POST 'https://zoom.us/oauth/token?grant_type=authorization_code&redirect_uri=https://zoom.us' -H 'Authorization: Basic <base 64 encoded credentials here>

But I gather that is not valid since it needs a code?
{"reason":"Internal Error","error":"invalid_request"}

So, I tried to get one of those via the user auth request like this:
curl -X POST 'https://zoom.us/oauth/authorize?response_type=code&redirect_uri=https://zoom.us&client_id=<client id goes here>'

But curl doesn’t return anything. In Postman, I get some HTML mentioning that javascript should be turned on.

So, clearly I’m doing something wrong and there is a gap in my understanding. The docs appear to lean heavily towards using OAuth for manual user-authenticated flows. But I’m looking to automate the whole process.

Hey @pkwade,

Thanks for reaching out about this, and happy to help.

As a first step, I should note that if you’re building a server to server integration, and this is just for your own Zoom account, I might actually recommend authenticating via JWT credentials instead, as this is intended for this exact kind of use case.

The first step is to create a JWT App:

You can then generate a JWT token from within the app directly, or programmatically:

You can authenticate your requests with this bearer token, and you don’t need to use the OAuth flow at all.

Let me know if this might be more helpful!

Thanks,
Will