Access Credentials

Zoom SDKs are authenticated using account-level access credentials (SDK Key & Secret) and user-level tokens (User Tokens and Zoom Access Tokens) when hosting a meeting on behalf of another user.

User Tokens and Zoom Access Tokens (ZAK) are required to start a meeting on behalf of a non-login user. These dual tokens are required for additional layers of security.

Note: The Web SDK is authenticated using an API Key and Secret, not an SDK Key and Secret. To use the Web SDK, create a JWT App on the Marketplace.

SDK Key & Secret

SDK apps require an SDK Key and Secret for authentication. These credentials are account-level and are generated once per account. To generate an SDK Key and Secret for your account, navigate to the Marketplace and create an SDK App.

If you have previously created an SDK app on the Marketplace, your SDK Key and Secret will be shared between apps and can be accessed by logging into the Marketplace and clicking Manage.

SDK Keys and Secrets are used in SDK initialization and can be passed into init methods either as direct values or as a JWT Token (for iOS, Android, Windows, Mac and Electron SDKs).

The Web SDK uses API Key & Secret

If you are building an app with the Web SDK, you’ll need an API Key & Secret, not an SDK Key & Secret. Create a JWT App on the Marketplace to get these credentials.

User Tokens

User Tokens are used to start meetings for a user. To request a User Token, send a GET request with a userId to /users/{userId}/token. The default token type returns a User Token. See the API Reference for more information.

A User ID can either be a userID requested through the Users API or the user’s email address.

Zoom Access Token (ZAK)

ZAKs are unique authentication tokens required to host a meeting on behalf of another user. Zoom Access Tokens (ZAK) were introduced in SDK version v4.1.28807.0726 as an additional layer of security for authentication.

ZAKs are required in apps that allow meetings to be hosted by users who are not on the account associated with the SDK Key and Secret (the app developer’s account).

Apps in which end-users are not meeting hosts do not require ZAK to start meetings.

ZAKs have an expiration time of 2 hours, from the time of the response. Accounts with “API User” members have expiration times of 90 days.

If a meeting is started without a ZAK, the user will join the meeting as a participant. Starting a meeting with a ZAK joins the user as a host, with all controls available to meeting hosts.

Request User’s ZAK

To request a user’s ZAK, send a GET request with a userId to /users/{userId}/token and specify type=zak in the body of the request. (If a type is not specified, the default response will be Zoom Token.) See the API Reference.

A User ID can either be a userID requested through the Users API or the user’s email address.

Refresh ZAK

ZAKs have an expiration time of 2 hours, starting from the time of the request.

ZAKs are refreshed by making the same request for the user’s token: /users/{userId}/token

Tip: The ZAK token response does not include a timestamp field. Create a timestamp when the request is made to track when to refresh the token.
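One way to apply this tip, as an added example that is not Zoom's own code: a small per-user cache that stamps each ZAK with the time the request was made and re-requests it shortly before the 2-hour lifetime runs out. The class name, the injected fetch_zak callable (which is expected to perform the GET /users/{userId}/token request described above) and the 5-minute margin are assumptions; pass a different lifetime_s for accounts with the 90-day expiration.

```python
import time
from typing import Callable, Dict, Tuple

ZAK_LIFETIME_S = 2 * 60 * 60   # 2-hour lifetime stated on this page
REFRESH_MARGIN_S = 5 * 60      # assumption: refresh 5 minutes early


class ZakCache:
    """Caches one ZAK per user and re-requests it before it expires.

    fetch_zak(user_id) -> str is supplied by the caller (hypothetical helper)
    and should request /users/{userId}/token with type=zak.
    """

    def __init__(self, fetch_zak: Callable[[str], str],
                 clock: Callable[[], float] = time.monotonic,
                 lifetime_s: float = ZAK_LIFETIME_S,
                 margin_s: float = REFRESH_MARGIN_S):
        self._fetch = fetch_zak
        self._clock = clock
        self._ttl = lifetime_s - margin_s
        self._entries: Dict[str, Tuple[str, float]] = {}

    def get(self, user_id: str) -> str:
        entry = self._entries.get(user_id)
        if entry is not None and self._clock() - entry[1] < self._ttl:
            return entry[0]
        # Stamp before the call: the response carries no timestamp, and the
        # request time is the earliest moment the lifetime can have started.
        requested_at = self._clock()
        token = self._fetch(user_id)
        if not token:
            # Never cache an empty result; drop any stale entry as well.
            self._entries.pop(user_id, None)
            raise ValueError("empty ZAK returned for user")
        self._entries[user_id] = (token, requested_at)
        return token

    def seconds_until_refresh(self, user_id: str) -> float:
        entry = self._entries.get(user_id)
        if entry is None:
            return 0.0
        return max(0.0, self._ttl - (self._clock() - entry[1]))

    def invalidate(self, user_id: str) -> None:
        """Forget a user's ZAK, e.g. on sign-out or a rejected meeting start."""
        self._entries.pop(user_id, None)
```

Because a ZAK lets its holder start a meeting as the host, keep the cache in memory only and leave token values out of logs.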

Need help?

The first place to look is on our Developer Forum. If you can't find the answer or your request includes sensitive information, contact Developer Support.