Generate Signature

Each request to start or join a meeting / webinar must be verified by an encrypted signature authorizing each user to enter. A signature must be generated each time you join a meeting or webinar on a backed service where your credentials can be stored securely.

This signature is used in the ZoomMtg.join() method. Follow the guides to Join a Meeting and Join a Webinar once this is set up.

Within your application, create a server-side function which will generate a signature based on dynamic meeting inputs.

Signature parameters:

Name Description
apiKey API Key of your account
apiSecret API Secret of your account
meetingNumber Meeting Number being joined
role 1 for meeting host, 0 for participants & joining webinars

Below are sample functions to generate a base64 encrypted signature.

const crypto = require('crypto') // crypto comes with Node.js

function generateSignature(apiKey, apiSecret, meetingNumber, role) {

  // Prevent time sync issue between client signature generation and zoom 
  const timestamp = new Date().getTime() - 30000
  const msg = Buffer.from(apiKey + meetingNumber + timestamp + role).toString('base64')
  const hash = crypto.createHmac('sha256', apiSecret).update(msg).digest('base64')
  const signature = Buffer.from(`${apiKey}.${meetingNumber}.${timestamp}.${role}.${hash}`).toString('base64')

  return signature

// pass in your Zoom JWT API Key, Zoom JWT API Secret, Zoom Meeting Number, and 0 to join meeting or webinar or 1 to start meeting
console.log(generateSignature(process.env.API_KEY, process.env.API_SECRET, 123456789, 0))
Single-page Applications

For front-end frameworks like React or Vue.js or other single-page applications, you’ll need to make sure your API Key and Secret are not stored client-side when generating signatures.

Simple Signature Setup

To quickly, easily, and securly generate a signature for the Web SDK, checkout the Signature Sample App, or deploy the signature sample app to a Heroku instance by clicking “Deploy to Heroku”:


After clicking the “Deploy to Heroku” button, enter your JWT API Key and API Secret:

Then click “Deploy app”.

Once your app is deployed, make a POST request to your Heroku URL with the following request body:

Body Description
meetingNumber Meeting / Webinar ID being joined
role `1` for meeting hosts; `0` for participants & joining webinars

Example request:

POST https://{sub_domain}

Request Body:

  "meetingNumber": 123456789,
  "role": 0

If successful, the response body will be a JSON representation of your signature:


Within your application, pass in the signature to the ZoomMtg.join() method:

// make an http request to your server to get the signature

  signature: signature,
  meetingNumber: meetingNumber,
  userName: userName,
  apiKey: apiKey,
  userEmail: userEmail,
  passWord: password,
  success: (success) => {
  error: (error) => {