When to use Server-to-Server OAuth app and when to use OAuth app?

If you are asking yourself: should I use a Server-to-Server OAuth app or a “standard” OAuth app? :thinking:

I would suggest you start by asking yourself the following:

Who will use my app? Users or programs?

So, if you are planning on developing an app that is going to be used by people (users who do not belong to your account) you should definitely be looking into an OAuth app.

And what I mean by this is that if you want your application to make API calls to the Zoom endpoints on behalf of 3rd party users, you will need an OAuth app that the end user will authorize to grant your application permission to access their data.

This application will need to be published in the Marketplace and be reviewed by our Marketplace team:
https://developers.zoom.us/docs/distribute/

Now, if your application is going to be used by programs and if it is going to make API calls on behalf of the account and has NO user interaction, then you are looking into a Server-to-Server OAuth app.

Let’s put it in simple words now:

:memo: Server-to-Server OAuth:

  • If your application calls the Zoom APIs on behalf of the account without user interaction
  • Internal applications that work with their own data rather than a user's data
  • Use cases: Internal reporting tools, Managing internal users, Managing accounts.

:busts_in_silhouette: OAuth app:

  • Applications created for 3rd party users
  • Applications authorized and used by people
  • Use cases: Scheduling apps, Telehealth apps, Learning Management system apps.

Learn more about the different app types available in the Zoom Marketplace here: https://marketplace.zoom.us/

10 Likes

@elisa.zoom I’m building an API system that allows doctors to create video meetings for their patients. Once the doctor creates a meeting (via your Zoom API) a URL would be sent to the patient for them to use at the assigned time. This API system would be making API requests (i.e. doctor hits btn called create meeting) for the doctors and would be integrated with their web app. Would you suggest I use the Server-to-Server OAuth mechanism to make requests to your Zoom API for this context?

Hi DeVontae, I’m facing the same conundrum. What did you end up settling on? I’m leaning towards server-to-server, but I’d greatly appreciate your input!

1 Like

For a healthcare EHR web application that involves creating users and scheduling a large number of meetings, is Server-to-Server OAuth the ideal method?

Can the OAuth approach help manage rate limits more effectively for creating/updating meeting limits for a single user per day (100 requests)?
What would be the ideal approach for a healthcare EHR web application that involves a high volume of meetings per user in a single day?

1 Like