Authorization


The Zoom Meeting SDKs use an SDK Key and Secret to generate an SDK JWT for authorized use of the SDK:

On This Page

Get SDK Key and Secret

To get an SDK Key and Secret, go to the Zoom App Marketplace and sign in with your Zoom account. If you do not have a Zoom account yet, you can create one.

Click Develop and choose Build App. On the SDK app type, click Create.

After completing the SDK App setup, go to App Credentials where you will find your SDK Key and Secret.

Now that you have an SDK Key and Secret you are ready to generate an SDK JWT.

Generate the SDK JWT

Each request to start and join a Zoom meeting or webinar must be authorized by an encrypted SDK JSON Web Token (JWT). A SDK JWT must be generated each time you join a meeting or webinar through a backend (server-side) function where your SDK credentials can be stored securely.

JWTs are generated with three core parts: Header, Payload, and Signature. When combined, these parts are separated by a period to form a token: 1111111.2222222.3333333.

Header:

The Header includes the specification of the signing algorithm and the type of token.

KeyValue
algHS256
typJWT
{
  "alg": "HS256",
  "typ": "JWT"
}

Payload:

The payload of a JWT contains the claims of the token, or the pieces of information being passed about the user and any metadata required. Some fields are required for Web SDKs, but optional for Native SDKs, and vice versa. See the table below for details.

KeyValue Description
appKeyYour SDK Key. Required for Native, optional for Web.
sdkKeyYour SDK Key. Required for Web, optional for Native.
mnThe Zoom Meeting or Webinar Number. Required for Web, optional for Native.
roleThe user role. Required for Web, optional for Native. Values: 0 to specify participant, 1 to specify host.
iatThe current timestamp. Required.
expJWT expiration date. Required. Values: Min = 1800 seconds greater than iat value, max = 48 hours greater than iat value. In epoch format.
tokenExpJWT expiration date. Required. Values: Min = 1800 seconds greater than iat value, max = 48 hours greater than iat value. In epoch format.
{
  "appKey": SDK_KEY,
  "sdkKey": SDK_KEY,
  "mn": MEETING_NUMBER,
  "role": ROLE,
  "iat": 1646937553,
  "exp": 1646944753,
  "tokenExp": 1646944753
}

Signature:

To create a signature for the JWT, the header and payload must be encoded with the SDK Secret through an HMAC SHA256 algorithm.

ValueValue Description
SDK_SECRETRequired, your SDK Secret.
HMACSHA256(
  base64UrlEncode(header) + '.' + base64UrlEncode(payload),
  SDK_SECRET
);

Example SDK JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZGtLZXkiOiJhYmMxMjMiLCJtbiI6IjEyMzQ1Njc4OSIsInJvbGUiOjAsImlhdCI6MTY0NjkzNzU1MywiZXhwIjoxNjQ2OTQ0NzUzLCJhcHBLZXkiOiJhYmMxMjMiLCJ0b2tlbkV4cCI6MTY0Njk0NDc1M30.UcWxbWY-y22wFarBBc9i3lGQuZAsuUpl8GRR8wUah2M

Node.js generate SDK JWT function

In the sample Node.js generate signature function below, we use jsrsasign, an open source cryptographic JavaScript library.

const KJUR = require('jsrsasign')
// https://www.npmjs.com/package/jsrsasign
function generateSignature(sdkKey, sdkSecret, meetingNumber, role) {

  const iat = Math.round((new Date().getTime() - 30000) / 1000)
  const exp = iat + 60 * 60 * 2
  const oHeader = { alg: 'HS256', typ: 'JWT' }

  const oPayload = {
    sdkKey: sdkKey,
    mn: meetingNumber,
    role: role,
    iat: iat,
    exp: exp,
    appKey: sdkKey,
    tokenExp: iat + 60 * 60 * 2
  }

  const sHeader = JSON.stringify(oHeader)
  const sPayload = JSON.stringify(oPayload)
  const sdkJWT = KJUR.jws.JWS.sign('HS256', sHeader, sPayload, sdkSecret)
  return sdkJWT
}

console.log(generateSignature(process.env.ZOOM_SDK_KEY, process.env.ZOOM_SDK_SECRET, 123456789, 0))

For additional JWT libraries and examples in more languages, see JWT.io.

You are now ready to join Zoom meetings and webinars with the SDK.

Continue to OAuth with Meeting SDK for instructions on starting Zoom meetings and webinars on the Meeting SDK with a Zoom user's ZAK token.

OAuth with Meeting SDK

The SDK App type has OAuth credentials and scopes. The scope to get a Zoom user's ZAK token is user:zak_read. The meeting:write and meeting:read scopes are also useful if you want to manage meeting flows programmatically using Meetings APIs, but they are not required to start a meeting on behalf of a Zoom user.

To start Zoom meetings and webinars on the Meeting SDK with a Zoom user's ZAK token:

  1. Choose an OAuth flow.
  2. Get the user's ZAK token.
  3. Pass the ZAK token to the SDK.

Choose OAuth flow

OAuth flowDescription
ServerThis is best for web platforms. To complete the OAuth flow with a backend server, where you can use your web-based application to manage the redirect after a successful user authorization, follow the Zoom OAuth guide.
PKCEThis is best for native OS platforms. To complete the OAuth flow without a backend server, use your Native Meeting SDK app with a non-https private-use URI scheme to the Zoom service with a code verifier and code challenge using PKCE.
See the Android, iOS or platform agnostic PKCE guides for more details.

Get a user's ZAK token

Now that you have an access_token you are ready to get the user's ZAK token.

After a user completes the OAuth2 authorization flow, you can use their access_token to call the Get User Token API. The user's ZAK token can then be passed into the Meeting SDKs to start the user's meeting or webinar.

When you use GET /users/{userId}/token, ZAK tokens expire in two hours. It is best practice to get the ZAK token right before you start the meeting. When using the Web SDK, the Zoom API must be called from a backend service.

Endpoint:

GET https://api.zoom.us/v2/users/me/token?type=zak

Request Header:

{
  "Authorization": "Bearer {{access_token}}"
}

Response Code: 200 OK

Response Body:

{
  "token": "{{zak_token}}"
}

Pass ZAK token to the SDK

Now that you have a ZAK token you can use it to start the Zoom user's meeting or webinar with the Meeting SDKs.

private fun startMeeting(zak: String) {
   val meetingService = ZoomSDK.getInstance().meetingService
   val startParams = StartMeetingParamsWithoutLogin().apply {
       zoomAccessToken = zak
       meetingNo = ""
   }
   meetingService.addListener(meetingServiceListener)
   val result = meetingService.startMeetingWithParams(this, startParams, StartMeetingOptions())
   if (result == MeetingError.MEETING_ERROR_SUCCESS) {
       // The SDK will attempt to join the meeting.
   }
}
private func startMeeting(zak: String) {
    let startParams = MobileRTCMeetingStartParam4WithoutLoginUser()
    startParams.zak = zak
    startParams.meetingNumber = "" // TODO: Add your meeting number
    startParams.userID = "" // TODO: Add your display name
    let meetingService = MobileRTC.shared().getMeetingService()
    meetingService?.delegate = self
    let meetingResult = meetingService?.startMeeting(with: startParams)
    if (meetingResult == .success) {
        // The SDK will attempt to join the meeting, see onMeetingStateChange callback.
    }
}
private func startMeeting(zak: String) {
  let startParams = ZoomSDKStartMeetingUseZakElements()
  startParams.meetingNumber = 0
  startParams.zak = zak
  startParams.userId = "someFakeID"
  startParams.displayName = "" // TODO: Enter your display name
  startParams.userType = SDKUserType_EmailLogin
  let meetingService = zoomSdk.getMeetingService()
  meetingService?.delegate = self
  let meetingResult = meetingService?.startMeeting(withZAK: startParams)
  if (meetingResult == ZoomSDKError_Success) {
      // The SDK will attempt to join the meeting, see onMeetingStatusChange callback.
  }
}
client.join({
  sdkKey: sdkKey,
  signature: signature, // role in SDK Signature needs to be 1
  meetingNumber: meetingNumber,
  password: password,
  userName: userName,
  zak: zakToken // the host's zak token
})
ZoomMtg.join({
  sdkKey: sdkKey,
  signature: signature, // role in SDK Signature needs to be 1
  meetingNumber: meetingNumber,
  passWord: passWord,
  userName: userName,
  zak: zakToken, // the host's zak token
  success: (success) => {
    console.log(success)
  },
  error: (error) => {
    console.log(error)
  }
})
void startMeeting() {
     // Start meeting for API user with StartParam object
     ZOOM_SDK_NAMESPACE::StartParam startMeetingParam;
     // Provide meeting credentials for API user using StartParam4WithoutLogin
     ZOOM_SDK_NAMESPACE::StartParam4WithoutLogin startMeetingWithoutLoginParam;
     startMeetingParam.userType = ZOOM_SDK_NAMESPACE::SDK_UT_WITHOUT_LOGIN;
     startMeetingWithoutLoginParam.zoomuserType = ZOOM_SDK_NAMESPACE::ZoomUserType_APIUSER;
     startMeetingWithoutLoginParam.meetingNumber = 1234567890;
     // Starting a meeting without the user logging in requires a ZAK token
     startMeetingWithoutLoginParam.userZAK = L"ZAK token for user";
     startMeetingWithoutLoginParam.userID = L"User ID or email for user";
     startMeetingWithoutLoginParam.userName = L"Display name for user";
     startMeetingParam.param.withoutloginStart = startMeetingWithoutLoginParam;
     ZOOM_SDK_NAMESPACE::SDKError startMeetingCallReturnValue(ZOOM_SDK_NAMESPACE::SDKERR_UNKNOWN);
     startMeetingCallReturnValue = yourMeetingServiceInstance->Start(startMeetingParam);
     if (startMeetingCallReturnValue == ZOOM_SDK_NAMESPACE::SDKError::SDKERR_SUCCESS)
     {
         // Start meeting call succeeded, listen for start meeting result using the onMeetingStatusChanged callback
     }
 }

See the platform specific Meeting SDK References for more instructions on how to provide the ZAK token to the SDK.

You are now ready to pick a platform and to start and join Zoom Meetings and Webinars.

Need help?

If you're looking for help, try Developer Support or our Developer Forum. Priority support is also available with Premier Developer Support plans.