SDK Authorization


The Zoom Video SDKs use a Video SDK Key and Secret to generate an SDK JWT for authorized use of the Video SDK.

Video SDK Sessions can be started and joined with your Video SDK JWT.

Get Video SDK Key and Secret

To get a Video SDK Key and Secret, go to the Zoom App Marketplace and sign in with your Video SDK account. If you do not have a Video SDK account yet, you can create one.

Click Develop and choose Build App. On the Video SDK app type, click Create.

After completing the Video SDK App setup, go to App Credentials where you will find your Video SDK Key and Secret.

Now that you have a Video SDK Key and Secret you are ready to generate a Video SDK JWT.

Generate the Video SDK JWT

Each request to start and join a Video SDK Session must be authorized by a signed Video SDK JSON Web Token (JWT). The token is signed with HS256, not encrypted, so anyone who holds it can read its payload. A Video SDK JWT must be generated each time you start and join a Video SDK Session, through a backend (server-side) function where your Video SDK credentials can be stored securely.

JWTs are generated with three core parts: Header, Payload, and Signature. When combined, these parts are separated by a period to form a token: 1111111.2222222.3333333.

Header:

The Header includes the specification of the signing algorithm and the type of token.

Key: Value
alg: HS256
typ: JWT

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload:

The payload of a JWT contains the claims of the token, or the pieces of information being passed about the user and any metadata required.

Key: Value Description
app_key: Your Video SDK Key. Required.
tpc: The Video SDK Session name. Max 200 characters. Required. Can include alphanumeric characters, space, and symbols: !, #, $, %, &, (, ), +, -, :, ;, <, =, ., >, ?, @, [, ], ^, _, {, }, |, ~, ,.
version: Should be set to 1.
role_type: The user role. Required. Values: 0 to specify participant, 1 to specify host.
user_identity: Optional, an identifier you can provide to identify your users. This value will show up in the Video SDK APIs and Dashboard. Max length 15 characters.
session_key: A key you can provide to identify your session. This value will show up in the Video SDK APIs and Video SDK Dashboard. This value is optional unless it was set with the host. If set with the host, all attendees must provide the same session_key value or they will fail to join the session.
iat: The current timestamp. Required.
exp: JWT expiration date. Required. Values: Min = 1800 seconds greater than iat value, max = 48 hours greater than iat value. In epoch format.
pwd: Optional, the password of the session that the user is going to create or join. Supports a maximum of 10 characters.

{
  "app_key": VIDEO_SDK_KEY,
  "tpc": SESSION_NAME,
  "version": 1,
  "role_type": ROLE,
  "user_identity": USER_IDENTITY,
  "session_key": SESSION_KEY,
  "iat": 1646937553,
  "exp": 1646944753,
  "pwd": 12345
}

Signature:

To create the signature for the JWT, the base64url-encoded header and payload, joined by a period, are signed with the Video SDK Secret using the HMAC SHA256 algorithm.

Value: Value Description
VIDEO_SDK_SECRET: Required, your Video SDK Secret.

HMACSHA256(
  base64UrlEncode(header) + '.' + base64UrlEncode(payload),
  VIDEO_SDK_SECRET
);

Example Video SDK JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBfa2V5IjoiVklERU9fU0RLX0tFWSIsImlhdCI6MTY0NjI0ODc5NiwiZXhwIjoxNjQ2MjU1OTk2LCJ0cGMiOiJDb29sIENhcnMiLCJ1c2VyX2lkZW50aXR5IjoidXNlcjEyMyIsInNlc3Npb25fa2V5Ijoic2Vzc2lvbjEyMyIsInJvbGVfdHlwZSI6MH0.Y6C65mZUxTZFeGiOI6oW5q2UkIXe3nLTK0MVNkfiJ9c

Node.js generate Video SDK JWT function

In the sample Node.js generate signature function below, we use jsrsasign, an open source cryptographic JavaScript library.

// https://www.npmjs.com/package/jsrsasign
const KJUR = require('jsrsasign')

function generateSignature(sdkKey, sdkSecret, sessionName, role, sessionKey, userIdentity) {
  // Backdate iat by 30 seconds to tolerate clock skew; the token is valid for 2 hours.
  const iat = Math.round((new Date().getTime() - 30000) / 1000)
  const exp = iat + 60 * 60 * 2
  const oHeader = { alg: 'HS256', typ: 'JWT' }
  const oPayload = {
    app_key: sdkKey,
    tpc: sessionName,
    role_type: role,
    session_key: sessionKey,
    user_identity: userIdentity,
    iat: iat,
    exp: exp
  }
  const sHeader = JSON.stringify(oHeader)
  const sPayload = JSON.stringify(oPayload)
  // Sign header and payload with the Video SDK Secret (HMAC SHA256).
  const sdkJWT = KJUR.jws.JWS.sign('HS256', sHeader, sPayload, sdkSecret)
  return sdkJWT
}

// The key and secret are read from the server's environment, never from client code.
console.log(generateSignature(process.env.ZOOM_VIDEO_SDK_KEY, process.env.ZOOM_VIDEO_SDK_SECRET, 'Cool Cars', 1, 'session123', 'user123'))

For additional JWT libraries and examples in more languages, see JWT.io.
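
The following is an added example, not part of Zoom's documentation or sample code. It builds the same HS256 token with Node's built-in crypto module instead of jsrsasign, enforces the limits from the Payload table before signing, and includes a local check that shows the payload is readable without the secret. The names buildPayload, signJwt and verifyJwt and the ttl parameter are assumptions made for this example.

```javascript
// Added example, not Zoom's code. Uses only Node's built-in crypto module.
const crypto = require('crypto')

// Characters the Payload table allows in tpc (session name), 1 to 200 of them.
const TPC_ALLOWED = /^[A-Za-z0-9 !#$%&()+\-:;<=.>?@[\]^_{}|~,]{1,200}$/
const b64url = (value) => Buffer.from(value).toString('base64url')

// Build the payload, enforcing the limits from the Payload table before signing.
function buildPayload({ sdkKey, sessionName, role, userIdentity, sessionKey, pwd, ttl = 7200 }, nowMs = Date.now()) {
  if (!sdkKey) throw new Error('app_key is required')
  if (typeof sessionName !== 'string' || !TPC_ALLOWED.test(sessionName)) throw new Error('tpc: 1-200 allowed characters')
  if (role !== 0 && role !== 1) throw new Error('role_type must be 0 or 1')
  if (userIdentity !== undefined && String(userIdentity).length > 15) throw new Error('user_identity: max 15 characters')
  if (pwd !== undefined && String(pwd).length > 10) throw new Error('pwd: max 10 characters')
  if (ttl < 1800 || ttl > 48 * 3600) throw new Error('exp must be iat + 1800 s to iat + 48 h')
  const iat = Math.round((nowMs - 30000) / 1000) // same 30 s backdating as the page's sample
  const payload = { app_key: sdkKey, tpc: sessionName, version: 1, role_type: role, iat, exp: iat + ttl }
  if (userIdentity !== undefined) payload.user_identity = userIdentity
  if (sessionKey !== undefined) payload.session_key = sessionKey
  if (pwd !== undefined) payload.pwd = pwd
  return payload
}

// HMACSHA256(base64UrlEncode(header) + '.' + base64UrlEncode(payload), secret)
function signJwt(payload, sdkSecret) {
  const input = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(payload))
  return input + '.' + crypto.createHmac('sha256', sdkSecret).update(input).digest('base64url')
}

// Local self-check: returns the payload if the token is HS256, correctly signed
// and unexpired; returns null otherwise.
function verifyJwt(token, sdkSecret, nowMs = Date.now()) {
  const [h, p, s, ...rest] = String(token).split('.')
  if (!h || !p || !s || rest.length) return null
  try {
    const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'))
    const payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8')) // readable without the secret
    if (header.alg !== 'HS256') return null // pin the algorithm
    const expected = crypto.createHmac('sha256', sdkSecret).update(h + '.' + p).digest()
    const given = Buffer.from(s, 'base64url')
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null
    return payload.exp > nowMs / 1000 ? payload : null
  } catch {
    return null
  }
}
```

Decide role_type on the server from your own authorization data rather than accepting it from the client, since the signed value is what grants host rights.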

You are now ready to start and join Video SDK Sessions.
