The Zoom Meeting SDK uses JSON Web Tokens (JWT) for authentication. The token is generated by the developer using the developer's SDK Key and Secret. This tutorial will guide you through creating a sample JWT that can be used with any of the Zoom Meeting SDK demo apps or in your own Zoom Meeting SDK application.
Finding your SDK Key and Secret
- Navigate to the Zoom Marketplace and sign in with your Zoom developer account.
- In the top right corner of the page, click 'Develop' then 'Build App'.
- In the 'SDK' tile, click the 'View here' button. Do not click the JWT tile. The JWT tile is for getting a Zoom API token.
- Your SDK Key and Secret are in these boxes. Do not share them publicly or hardcode them into your application.
The JWT Header and Payload
Header:
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload:
{
  "appKey": "Your SDK Key Here",
  "iat": long, // Timestamp of when the token was issued, in epoch time.
  "exp": long, // Access token expiry timestamp in epoch time: iat + a time less than 48 hours
  "tokenExp": long // Token expiry time in epoch time, MIN: 1800 seconds
}
Using JWT.io
JWT.io provides an excellent JWT debugger. This debugger can be used to build a token from a header and payload.
- Navigate to the debugger.
- Replace the default header and payload with the ones provided in this tutorial. The header will likely be the same as the default.
- Remove the comments located in the JSON payload. Notice that the JWT.io debugger will turn red when the payload has a syntax error.
- Now we must populate the payload with valid values. All three of the timestamp parameters must be in epoch time. Epochconverter.com provides an easy to use interface for getting the current date and time in epoch format as well as future dates.
- Copy the value in the 'current Unix epoch time' and paste it into the value for the 'iat' parameter of our payload in the JWT.io debugger. The debugger will show you the value as a readable date if the epoch value has the correct syntax.
- The 'exp' value must be a time ahead of 'iat' but less than 48 hours ahead of 'iat'. The 'tokenExp' value must be a time greater than 1800 seconds ahead of 'iat'. For the sake of simplicity, let's make both of these values 24 hours from now. For example, if it is the 27th of the month, change the day value on Epochconverter.com to the 28th. Click the 'Human date to Timestamp' button and copy the value it produces.
- Paste that value into both the 'exp' and 'tokenExp' values of the payload.
- Copy your SDK key and paste it in the 'appKey' value. Then copy your secret and paste it into the box that says 'your-256-bit-secret'. Leave the 'secret base64 encoded' box unchecked.
- Your JWT is the string in the 'Encoded' box. Highlight and copy it directly; do not copy it from the 'SHARE JWT' button.
Where to Use the Token
- This token can be used to authenticate any of the Zoom Meeting SDK demo applications or any of your applications that use the Zoom Meeting SDK. This token will not work for the API or the Fully Customizable SDK.
- Note, this token is just a sample token. This process should not be used for production applications. A JWT token should be generated outside of your application in production. Do not hardcode your SDK key and secret in your application or anywhere that is publicly accessible.
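For the production case mentioned above, where the token is generated outside the application, the following added example (not Zoom's code and not part of the original tutorial) builds the same header and payload in Python using only the standard library, enforces the timestamp rules, and signs with HMAC-SHA256. The function names and the environment variable names ZOOM_SDK_KEY and ZOOM_SDK_SECRET are assumptions; verify_sdk_jwt is a local signature check for debugging an invalid token.

```python
import base64, hashlib, hmac, json, os, time

MAX_EXP = 48 * 3600   # 'exp' must be less than 48 hours after 'iat'
MIN_TOKEN_EXP = 1800  # 'tokenExp' minimum, in seconds after 'iat'

def b64url(data: bytes) -> str:
    # JWT uses base64url with the '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_sdk_jwt(sdk_key, sdk_secret, iat=None, exp_in=86400, token_exp_in=86400):
    """Build the HS256 token with the header and payload from this tutorial."""
    if not sdk_key or not sdk_secret:
        raise ValueError("SDK key and secret are required")
    if not 0 < exp_in < MAX_EXP:
        raise ValueError("'exp' must be after 'iat' and less than 48 hours ahead")
    if token_exp_in < MIN_TOKEN_EXP:
        raise ValueError("'tokenExp' must be at least 1800 seconds after 'iat'")
    iat = int(time.time()) if iat is None else int(iat)
    header = {"alg": "HS256", "typ": "JWT"}
    # Timestamps are JSON numbers (no quotes); the SDK key is a JSON string.
    payload = {"appKey": sdk_key, "iat": iat,
               "exp": iat + exp_in, "tokenExp": iat + token_exp_in}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload))
    # The secret is used as raw text, matching 'secret base64 encoded' unchecked.
    sig = hmac.new(sdk_secret.encode("utf-8"), signing_input.encode("ascii"),
                   hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_sdk_jwt(token, sdk_secret):
    """Recompute the signature; return the payload dict, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
    except ValueError:
        raise ValueError("token must have three dot-separated parts")
    expected = hmac.new(sdk_secret.encode("utf-8"), f"{head}.{body}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected).encode("ascii"), sig.encode("utf-8")):
        raise ValueError("signature mismatch: wrong secret or altered token")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

if __name__ == "__main__":
    # Assumed variable names; set them in the server environment, not in source.
    print(make_sdk_jwt(os.environ["ZOOM_SDK_KEY"], os.environ["ZOOM_SDK_SECRET"]))
```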
Common Issues that Result in an Invalid Token
- The JSON header or payload uses curly quotes instead of straight quotes
- The timestamps are not in epoch format
- The token was copied from the 'SHARE JWT' button instead of directly from the text
- The timestamps do not satisfy the rules for 'exp' and 'tokenExp'
- The 'secret base64 encoded' box was checked
- There aren't quotes around the SDK key string
- There are quotes around one or more of the timestamps
- The AppKey and AppSecret were copied from the JWT tile of the Zoom Marketplace instead of the SDK tile
Resources
- Documentation:
- Sample Apps are available through the Zoom Marketplace
- Community