Top of pageSkip to main content

Authorization


The Zoom Meeting SDKs use a Meeting SDK key and secret to generate a Meeting SDK JWT for authorized use of the Meeting SDK:

On This Page

Meeting SDK Auth

Follow these steps to get your Meeting SDK key and secret, generate the Meeting SDK JWT, and pass the Meeting SDK JWT to the join function.

1. Get Meeting SDK key and secret

To get a Meeting SDK key and secret, go to the Zoom App Marketplace and sign in with your Zoom account. If you do not have a Zoom account yet, you can create one.

Click Develop and choose Build App. On the Meeting SDK app type, click Create.

After completing the Meeting SDK App setup, go to App Credentials where you will find your Meeting SDK key and secret.

Now that you have a Meeting SDK key and secret you are ready to generate a Meeting SDK JWT.

2. Generate the Meeting SDK JWT

Each request to start and join a Zoom meeting or webinar must be authorized by an encrypted Meeting SDK JSON Web Token (JWT). A Meeting SDK JWT must be generated each time you join a meeting or webinar through a backend (server-side) function where your Meeting SDK credentials can be stored securely.

Generate JWTs with three core parts: Header, Payload, and Signature. When combined, separate these parts with periods to form a token: 1111111.2222222.3333333.

Header:

The header includes the specification of the signing algorithm and the type of token.

KeyValue
algHS256
typJWT
{
  "alg": "HS256",
  "typ": "JWT"
}

Payload:

The payload of a JWT contains the claims of the token, pieces of information about the user and any required metadata. The required fields depend on whether you are using the JWT for the web or native OSes (such as Android, iOS, macOS, and Windows). See the table below for details.

KeyValue Description
appKeyYour Meeting SDK key. Required for native, optional for web.
sdkKeyYour Meeting SDK key. Required for web, optional for native.
mnThe Zoom meeting or webinar number. Required for web, optional for native.
roleThe user role. Required for web, optional for native. Values: 0 to specify participant, 1 to specify host.
iatThe current timestamp. Required.
expJWT expiration date. Required. Values: Min = 1800 seconds greater than iat value, max = 48 hours greater than iat value. In epoch format.
tokenExpJWT expiration date. Required. Values: Min = 1800 seconds greater than iat value, max = 48 hours greater than iat value. In epoch format.

Example payload:

{
  "appKey": SDK_KEY,
  "sdkKey": SDK_KEY,
  "mn": MEETING_NUMBER,
  "role": ROLE,
  "iat": 1646937553,
  "exp": 1646944753,
  "tokenExp": 1646944753
}

Signature:

To create a signature for the JWT, the header and payload must be encoded with the Meeting SDK secret through an HMAC SHA256 algorithm.

ValueValue Description
ZOOM_MEETING_SDK_SECRETRequired, your Meeting SDK secret.
HMACSHA256(
  base64UrlEncode(header) + '.' + base64UrlEncode(payload),
  ZOOM_MEETING_SDK_SECRET
);

Example Meeting SDK JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZGtLZXkiOiJhYmMxMjMiLCJtbiI6IjEyMzQ1Njc4OSIsInJvbGUiOjAsImlhdCI6MTY0NjkzNzU1MywiZXhwIjoxNjQ2OTQ0NzUzLCJhcHBLZXkiOiJhYmMxMjMiLCJ0b2tlbkV4cCI6MTY0Njk0NDc1M30.UcWxbWY-y22wFarBBc9i3lGQuZAsuUpl8GRR8wUah2M

Node.js generate Meeting SDK JWT function

In the sample Node.js generate signature function below, we use jsrsasign, an open source cryptographic JavaScript library.

const KJUR = require('jsrsasign')
// https://www.npmjs.com/package/jsrsasign
function generateSignature(sdkKey, sdkSecret, meetingNumber, role) {

  const iat = Math.round((new Date().getTime() - 30000) / 1000)
  const exp = iat + 60 * 60 * 2
  const oHeader = { alg: 'HS256', typ: 'JWT' }

  const oPayload = {
    sdkKey: sdkKey,
    mn: meetingNumber,
    role: role,
    iat: iat,
    exp: exp,
    appKey: sdkKey,
    tokenExp: iat + 60 * 60 * 2
  }

  const sHeader = JSON.stringify(oHeader)
  const sPayload = JSON.stringify(oPayload)
  const sdkJWT = KJUR.jws.JWS.sign('HS256', sHeader, sPayload, sdkSecret)
  return sdkJWT
}

console.log(generateSignature(process.env.ZOOM_MEETING_SDK_KEY, process.env.ZOOM_MEETING_SDK_SECRET, 123456789, 0))

You are now ready to join Zoom meetings and webinars.

3. Pass the Meeting SDK JWT to the join function

Now that you have a Meeting SDK JWT token you can use it to join the Zoom meeting or webinar.

val listener = object : ZoomSDKInitializeListener {
    override fun onZoomSDKInitializeResult(p0: Int, p1: Int) {
    }
    override fun onZoomAuthIdentityExpired() {
    }
}       
val initParams = ZoomSDKInitParams().apply {
    jwtToken = "" // Pass in your Meeting SDK JWT
    domain = "zoom.us"
    enableLog = true
}
ZoomSDK.getInstance().initialize(context, listener, initParams)
let sdk = MobileRTC.shared()
let initContext = MobileRTCSDKInitContext()
initContext.domain = "https://zoom.us"
let initResult = sdk.initialize(initContext)
guard let authService = sdk.getAuthService(), initResult else {
    return
}       
authService.delegate = self
authService.jwtToken = "" // Pass in your Meeting SDK JWT
authService.sdkAuth()
guard let sdk = ZoomSDK.shared() else {
    return
}
let initParams = ZoomSDKInitParams()
sdk.initSDK(with: initParams)
sdk.zoomDomain = "zoom.us"
guard let authService = sdk.getAuthService() else {
    return
}
let authContext = ZoomSDKAuthContext()
authContext.jwtToken = "" // Pass in your Meeting SDK JWT
authService.delegate = self
authService.sdkAuth(authContext)
client.join({
  sdkKey: sdkKey,
  signature: signature, // Pass in your Meeting SDK JWT
  meetingNumber: meetingNumber,
  password: password,
  userName: userName
})
ZoomMtg.join({
  sdkKey: sdkKey,
  signature: signature, // Pass in your Meeting SDK JWT
  meetingNumber: meetingNumber,
  passWord: passWord,
  userName: userName,
  success: (success) => {
    console.log(success)
  },
  error: (error) => {
    console.log(error)
  }
})
ZOOM_SDK_NAMESPACE::InitParam initParam;
initParam.strWebDomain = L"zoom.us";
ZOOM_SDK_NAMESPACE::InitSDK(initParam);
ZOOM_SDK_NAMESPACE::IAuthService* authService;
ZOOM_SDK_NAMESPACE::CreateAuthService(authService);
ZOOM_SDK_NAMESPACE::AuthContext authContext;
authContext.jwt_token = L""; // Pass in your Meeting SDK JWT
authService->SDKAuth(authContext);
ZOOM_SDK_DOTNET_WRAP.InitParam initParams = new ZOOM_SDK_DOTNET_WRAP.InitParam();
initParams.web_domain = "zoom.us"
ZOOM_SDK_DOTNET_WRAP.CZoomSDKeDotNetWrap.Instance.Initialize(initParam);
ZOOM_SDK_DOTNET_WRAP.AuthContext authParam = new ZOOM_SDK_DOTNET_WRAP.AuthContext();
authParam.jwt_token = ""; // Pass in your Meeting SDK JWT
ZOOM_SDK_DOTNET_WRAP.CZoomSDKeDotNetWrap.Instance.GetAuthServiceWrap().SDKAuth(param);

See the platform-specific Meeting SDK documentation for more instructions on how to provide the Meeting SDK JWT token to the Meeting SDK.

You are now ready to pick a platform and to join Zoom meetings and webinars.

Continue to User OAuth with the Meeting SDK for instructions on starting Zoom meetings and webinars on the Meeting SDK with a Zoom user's ZAK token.

User OAuth with the Meeting SDK

The Meeting SDK App type has OAuth credentials and scopes. The scope to get a Zoom user's ZAK token is the user:read or user:read:admin scope. The meeting:write and meeting:read scopes are also useful if you want to manage meeting flows programmatically using Meetings APIs, but they are not required to start a meeting on behalf of a Zoom user.

To start Zoom meetings and webinars on the Meeting SDK with a Zoom user's ZAK token:

  1. Choose an OAuth flow.
  2. Get the user's ZAK token.
  3. Pass the ZAK token to the Meeting SDK.

1. Choose OAuth flow

Executing on...OAuth FlowDescription
ServerAuthorization Code FlowThis is best for web platforms. To complete the OAuth flow with a backend server, where you can use your web-based application to manage the redirect after a successful user authorization, follow the Zoom OAuth guide.
Browser or appAuthorization Code Flow with PKCEThis is best for native OS platforms. To complete the OAuth flow without a backend server, use your Meeting SDK for native OS app with a non-https private-use URI scheme to the Zoom service with a code verifier and code challenge using PKCE.
See the Android, iOS, macOS or platform agnostic PKCE guides for more details.

2. Get a user's ZAK token

Now that you have an access_token you are ready to get the user's ZAK token.

After a user completes the OAuth2 authorization flow, you can use their access_token to call the Get User Token API. The user's ZAK token can then be passed into the Meeting SDKs to start the user's meeting or webinar.

When you use GET /users/{userId}/token, ZAK tokens expire in two hours. It is best practice to get the ZAK token right before you start the meeting. When using the Meeting SDK for Web, the Zoom API must be called from a backend service.

Endpoint:

GET https://api.zoom.us/v2/users/me/token?type=zak

Request Header:

{
  "Authorization": "Bearer {{access_token}}"
}

Response Code: 200 OK

Response Body:

{
  "token": "{{zak_token}}"
}

3. Pass ZAK token to the Meeting SDK

Now that you have a ZAK token you can use it to start the Zoom user's meeting or webinar with the Meeting SDKs.

private fun startMeeting(zak: String) {
   val meetingService = ZoomSDK.getInstance().meetingService
   val startParams = StartMeetingParamsWithoutLogin().apply {
       zoomAccessToken = zak
       meetingNo = ""
   }
   meetingService.addListener(meetingServiceListener)
   val result = meetingService.startMeetingWithParams(this, startParams, StartMeetingOptions())
   if (result == MeetingError.MEETING_ERROR_SUCCESS) {
       // The SDK will attempt to join the meeting.
   }
}
private func startMeeting(zak: String) {
    let startParams = MobileRTCMeetingStartParam4WithoutLoginUser()
    startParams.zak = zak
    startParams.meetingNumber = "" // TODO: Add your meeting number
    startParams.userID = "" // TODO: Add your display name
    let meetingService = MobileRTC.shared().getMeetingService()
    meetingService?.delegate = self
    let meetingResult = meetingService?.startMeeting(with: startParams)
    if (meetingResult == .success) {
        // The SDK will attempt to join the meeting, see onMeetingStateChange callback.
    }
}
private func startMeeting(zak: String) {
  let startParams = ZoomSDKStartMeetingUseZakElements()
  startParams.meetingNumber = 0
  startParams.zak = zak
  startParams.userId = "someFakeID"
  startParams.displayName = "" // TODO: Enter your display name
  startParams.userType = SDKUserType_EmailLogin
  let meetingService = zoomSdk.getMeetingService()
  meetingService?.delegate = self
  let meetingResult = meetingService?.startMeeting(withZAK: startParams)
  if (meetingResult == ZoomSDKError_Success) {
      // The SDK will attempt to join the meeting, see onMeetingStatusChange callback.
  }
}
client.join({
  sdkKey: sdkKey,
  signature: signature, // role in SDK Signature needs to be 1
  meetingNumber: meetingNumber,
  password: password,
  userName: userName,
  zak: zakToken // the host's zak token
})
ZoomMtg.join({
  sdkKey: sdkKey,
  signature: signature, // role in SDK Signature needs to be 1
  meetingNumber: meetingNumber,
  passWord: passWord,
  userName: userName,
  zak: zakToken, // the host's zak token
  success: (success) => {
    console.log(success)
  },
  error: (error) => {
    console.log(error)
  }
})
void startMeeting() {
     // Start meeting for API user with StartParam object
     ZOOM_SDK_NAMESPACE::StartParam startMeetingParam;
     // Provide meeting credentials for API user using StartParam4WithoutLogin
     ZOOM_SDK_NAMESPACE::StartParam4WithoutLogin startMeetingWithoutLoginParam;
     startMeetingParam.userType = ZOOM_SDK_NAMESPACE::SDK_UT_WITHOUT_LOGIN;
     startMeetingWithoutLoginParam.zoomuserType = ZOOM_SDK_NAMESPACE::ZoomUserType_APIUSER;
     startMeetingWithoutLoginParam.meetingNumber = 1234567890;
     // Starting a meeting without the user logging in requires a ZAK token
     startMeetingWithoutLoginParam.userZAK = L"ZAK token for user";
     startMeetingWithoutLoginParam.userID = L"User ID or email for user";
     startMeetingWithoutLoginParam.userName = L"Display name for user";
     startMeetingParam.param.withoutloginStart = startMeetingWithoutLoginParam;
     ZOOM_SDK_NAMESPACE::SDKError startMeetingCallReturnValue(ZOOM_SDK_NAMESPACE::SDKERR_UNKNOWN);
     startMeetingCallReturnValue = yourMeetingServiceInstance->Start(startMeetingParam);
     if (startMeetingCallReturnValue == ZOOM_SDK_NAMESPACE::SDKError::SDKERR_SUCCESS)
     {
         // Start meeting call succeeded, listen for start meeting result using the onMeetingStatusChanged callback
     }
 }

See the platform-specific Meeting SDK documentation for more instructions on how to provide the ZAK token to the Meeting SDK.

You are now ready to pick a platform and to start and join Zoom meetings and webinars.

Need help?

If you're looking for help, try Developer Support or our Developer Forum. Priority support is also available with Premier Developer Support plans.