Why Access Token Change Is Affecting JWT Apps?

I saw this today https://devsupport.zoom.us/hc/en-us/articles/12363164278669-API-access-token-change and it says :point_down:

I use a JWT app. Does this affect me?

Yes. The JWT app type (which is being deprecated) generates an access token that is consumed by the Zoom API. This access token must be sent as part of the Authorization Request header as well.

I am using the JWT app but I am the above is misleading, the Zoom JWT app uses a JWT token not an access token. I am generating the JWT token using the API Key and API Secret, and then sending as :point_down:

{"Authorization", "Bearer #{jwt_token}"}, {"Content-Type", "application/json"}

In the header of each request.

I am not sure what other changes will I need to make before the 24th of February 2023.

Looks like youโ€™re already sending the token in the HTTP Authorization header, not as part of the URL query string, so youโ€™re all set. This is about keeping authentication tokens out of URLs, which have a tendency to be stored unencrypted in log files by various servers.

1 Like