Hi,
I’m newbie on API and i have problem with that integration. JWT token expiring and I need to take zoom audit logs to QRadar via that workflow but i couldn’t change auth method jwt to s2s oauth can you help me with this?
<?xml version="1.0" encoding="UTF-8" ?>
<Parameters>
<Parameter name="host" label="Host" required="true" default="api.zoom.us" />
<Parameter name="api_key" label="API Key" required="true" />
<Parameter name="api_secret" label="API Secret" required="true" secret="true" />
</Parameters>
<Actions>
<!-- Initialize the Bookmark -->
<Initialize path="/bookmark" value="1970-01-01" />
<!-- Create an Access Token -->
<CreateJWTAccessToken savePath="/access_token">
<Header>
<Value name="alg" value="HS256" />
<Value name="typ" value="JWT" />
</Header>
<Payload>
<Value name="iss" value="${/api_key}" />
</Payload>
<Secret value="${/api_secret}" />
</CreateJWTAccessToken>
<!-- Fetch Events -->
<CallEndpoint url="https://${/host}/v2/report/operationlogs" method="GET" savePath="/get_events">
<BearerAuthentication token="${/access_token}" />
<QueryParameter name="from" value="${/bookmark}" omitIfEmpty="true" />
<QueryParameter name="page_size" value="300" />
</CallEndpoint>
<!-- Handle Errors -->
<If condition="/get_events/status_code != 200">
<Abort reason="${/get_events/body/code}: ${/get_events/body/message}" />
</If>
<!-- Post Events, if any -->
<If condition="count(/get_events/body/operationlogs) > 0">
<PostEvents path="/get_events/body/operationlogs" source="${/host}" />
<!-- Update the bookmark -->
<ParseDate pattern="yyyy-MM-dd'T'HH:mm:ss'Z'" timeZone="UTC" date="${max(/get_events/body/operationlogs/time)}" savePath="/last_event_time" />
<FormatDate pattern="yyyy-MM-dd" timeZone="UTC" time="${/last_event_time + 86400000}" savePath="/bookmark" />
</If>
</Actions>
<Tests>
<DNSResolutionTest host="${/host}" />
<TCPConnectionTest host="${/host}" />
<SSLHandshakeTest host="${/host}" />
<HTTPConnectionThroughProxyTest url="https://${/host}" />
</Tests>