What are the SDK app key and app secret actually used for?

We have one test account for Zoom were we have tested different features. There I created a SDK app and used the app key and app secret and then integrated the SDK in an Android app.

Our backend used the JWT app with its keys and then I called the backend to initate a meeting and got back a zak token and a user token, From the app then I started a meeting as an api user with those tokens after I had initialized the SDK with my SDK keys. It all worked fine.

But they it got a bit weird I feel. We then moved to our production account and the backend updated their keys to the production keys. However I stayed on the test account SDK keys but everything still works? How can this be? Does the SDK keys not matter as long as I have a zak and user token from our backend? I thought it would check to see that my SDK tokens were from the same account as the zak and user tokens were created from?

Which version?
Android SDK 4.6.21666.0429

Hey @mwoxblom,

Thanks for the post and pardon the late response. The SDK key & secret are used to initialize and to authenticate the SDK. The SDK authentication process is to check whether the account is able to use SDK.

The user token and zak token are used to authenticate the user. The token does not have to associate with the user in the account of the SDK credentials.

Hope this helps. Thanks!