Zoom Token & Zoom Access Token (ZAK) – Non-login User Only


Contents

1. What is a Zoom Access Token (ZAK)?

2. What is the difference between authentication with or without a ZAK?

3. Frequently Asked Questions about ZAK.

For Non-login users, the following three values are required to make API requests before hosting a meeting:

  • User_ID
  • Zoom_Token
  • Zoom_Access_Token (ZAK)

User_ID is the user’s identification. You can either retrieve it from the API, or you can use the user’s email address.

Zoom_Token is the authenticated token that can be derived from our RESTful API. It is needed to perform any operations.

Zoom_Access_Token: We will introduce Zoom Access Token in this section.

1. What is Zoom Access Token (ZAK)?

Starting from SDK version v4.1.28807.0726, we have introduced a new layer of security in the RESTFul API authentication process. A new unique identifying and authenticating token called “Zoom Access Token(ZAK)” is required to host a meeting on behalf of another user.

The ZAK can be retrieved from our RESTFul API. Send a GET request with your userId to https://api.zoom.us/v2/users/{userId}/token and specify type=zak to get ZAK token. (If you do not specify type, the default response will be Zoom_token). The token expiration time is 2 hours.

API request

You can change the {userId} value and try to get your ZAK.

Send requests directly from the browser (CORS must be enabled)
Path Params
1 path param not set
userId
$$.env
No $$.env variables are being used in this request.
{
  "token": "string"
}

The basic flow of using ZAK is like the following:

2. What is the difference between authentication with or without a ZAK?

The major difference between starting a meeting with and without ZAK is:

If you start a meeting without a ZAK, the system will recognize the ZAK is missing, and you will join the meeting as a participant:

Without ZAK
Without ZAK

If you start a meeting with ZAK, you will be the host of the meeting and you will be able to do any operations that a host can.

With ZAK
With ZAK

3. Frequently Asked Questions about ZAK.

1. What is the difference between the old “token” and “ZAK”? Why is “ZAK” required now for new SDK versions?

Both Zoom token and Zoom Access Token(ZAK) are required to generate a starting URI, and the main difference between them is: ZAK is an extra layer of security to ensure the authentication process is safe.

2. We currently use “token” in our Start Meeting SDK. We will need to update to use “ZAK.” Can we swap them out?

Unfortunately, The value: User_id, Zoom_token & Zoom_Access_Token are all required values. They are all required in the authentication process.

3. Does the ZAK token refresh its value after it expires?

The ZAK token does not refresh by itself. If you would like to refresh the token, you will need to send the API request again.

4. Is there a way to check how much longer it has left until expiring?

Currently, the ZAK token does not include a timestamp with the response. Thus you will need to record the time on your side.

5. Does the ZAK token time start when you create the user?

No. The ZAK token time starts when you send an API request to https://api.zoom.us/v2/users/{userId}. Every time you receive a new ZAK from the response, the time will start counting from that moment.

6. How do we know if it’s 90 days or 2 hours?

Typically, it is 2 hours for all users. We have a type of account is called “API User,” for that type of user, the expiration time is 90 days.

7. Is the ZAK token used for starting a meeting as a host?

Yes. ZAK is required if you would like to start a meeting on behalf of another user. For example, if the account that is associated with the SDK key & secret is for Jane, if Jane wants to start a meeting on behalf of James, then Jane will need to get James’ ZAK to start a meeting.

Please refer to the API documentation for more information:

https://marketplace.zoom.us/docs/api-reference/zoom-api/users/usertoken