When to use Server-to-Server OAuth app and when to use OAuth app?

If you are asking yourself: should I use a Server-to-Server OAuth app or a “standard” OAuth app? :thinking:

I would suggest you to start by asking yourself the following:

Who sill use my app? Users or programs

So, if you are planning on developing an app that is going be used by people (users who do not belong to your account) you should definitely be looking into an OAuth app.

And what I mean by this is that if you want your application to make API calls to the Zoom endpoints on behalf of 3rd party users, you will need an OAuth app that the end user will authorize to grant your application permission to access their data.

This application will need to be published in the Marketplace and be reviewed by our Marketplace team:
https://developers.zoom.us/docs/distribute/

Now, if your application is going to be used by programs and if it is going to make API calls on behalf of the account and has NO user interaction, then you are looking into a Server-to-Server OAuth app

Let’s put it in simple words now:

:memo: Server-to-Server OAuth:

  • If your application calls the Zoom APIs on behalf of the account without users interaction
  • Internal applications that work with own data rather than a users data
  • Use cases: Internal reporting tools, Managing internal users, Managing accounts.

:busts_in_silhouette: OAuth app:

  • Applications created for 3rd party users
  • Applications authorized and used by people
  • Use cases: Scheduling apps, Telehealth apps, Learning Management system apps.

Learn more about the different app types available in the Zoom Marketplace here: https://marketplace.zoom.us/

8 Likes

@elisa.zoom I’m building an api system that allows doctors to create video meetings for their patients. Once the doctor creates a meeting (via your zoom api) a url would be sent to the patient for them to use at the assigned time. This api system would be making api request (i.e doctor hits btn called create meeting) for the doctors and would be integrated with their web app. Would you suggest I use the Server-to-Server OAuth mechanism to make request to your zoom api for this context?