# Make API requests

<!-- WARNING: THIS FILE WAS AUTOGENERATED! DO NOT EDIT! -->

Use The **API Key** and **API Secret** to authorize requests to the [Account Settings APIs](/docs/api/accounts/#tag/accounts), [Video SDK APIs](/docs/api/video-sdk), and [Cobrowse SDK APIs](/docs/api/cobrowse-sdk).

APIs use [JSON Web Tokens (JWT)](https://datatracker.ietf.org/doc/html/rfc7519) for authorization. Each request to the API must be authorized by an **API JWT** as the request header bearer token. An API JWT can be used until the token expires. You can set the token expiry, but we suggest limiting the time up to one hour for increased security.

<JWTGenerator appType="video-api" />

See [Generate API JWT](#generate-api-jwt) to programmatically generate your own.

## Make your first API call

> **Note**
>
> This example uses Video SDK.

Use your API JWT to call the [Video SDK APIs](/docs/api/video-sdk). For example, call [List sessions](/docs/api/video-sdk/#tag/sessions/GET/videosdk/sessions) (replace `12345abcde` with your JWT).

```shell
curl https://api.zoom.us/v2/videosdk/sessions -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Bearer 12345abcde"
```

You should get a response code of `200 OK` and something resembling the response body below.

```json
{
    "from": "2022-09-01",
    "to": "2022-09-02",
    "page_size": 30,
    "next_page_token": "",
    "sessions": []
}
```

_If you haven't used Video SDK yet to create sessions, the `sessions` object will be blank._

## Use Account Settings APIs

Use the [Account Settings APIs](/docs/api/accounts/#tag/accounts) to view and modify session and session security information about your account. See [Create account](/docs/build/account/) for details about these settings.

See `in_session` and `session_security` objects in the following APIs for reference documentation.

-   [Get account settings](/docs/api/accounts/#tag/accounts/GET/accounts/{accountId}/settings)
-   [Update account settings](/docs/api/accounts/#tag/accounts/PATCH/accounts/{accountId}/settings)

For example, call [Get account settings](/docs/api/accounts/#tag/accounts/GET/accounts/{accountId}/settings) to see the `data_center_regions` you've enabled for sessions (replace `12345abcde` with your JWT). The [`me` keyword](/docs/api/using-zoom-apis/#the-me-keyword) in this example indicates that you are getting this information for your account.

```shell
curl https://api.zoom.us/v2/accounts/me/settings -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Bearer 12345abcde"
```

You should get a result that includes something like the following.

```json
...
"in_session": {
    ...
    "data_center_regions": [
        "AU",
        "CA",
        "DE",
        "IE",
        "IN",
        "LA",
        "MX",
        "NL",
        "SG",
        "TY",
        "US"
    ],
...
```

_**Note: Some options may only be available for Video SDK.**_

## Generate API JWT

First, [get your API key and secret](/docs/build/developer-accounts/#get-api-key-and-secret). Then follow these guidelines to generate an API JWT for your app.

JWTs consist of three core parts: **Header**, **Payload**, and **Signature**. When combined, these parts are separated by a period to form a token: `1111111.2222222.3333333`.

### Header

The Header includes the specification of the signing algorithm and the type of token.

| Key   | Value   |
| ----- | ------- |
| `alg` | `HS256` |
| `typ` | `JWT`   |

```javascript
{
  "alg": "HS256",
  "typ": "JWT"
}
```

### Payload

The payload of a JWT contains the claims of the token, or the pieces of information being passed about the user and any metadata required.

| Key   | Value Description                               |
| ----- | ----------------------------------------------- |
| `iss` | Your **API** Key. Required.                     |
| `iat` | The current timestamp. Required.                |
| `exp` | JWT expiration date. Required. In epoch format. |

```javascript
{
  "iss": API_KEY,
  "iat": 1662147046,
  "exp": 1662152446
}
```

### Signature

To create a signature for the JWT, the header and payload must be encoded with the **API** Secret through an HMAC SHA256 algorithm.

| Value        | Value Description              |
| ------------ | ------------------------------ |
| `API_SECRET` | Required, your **API** Secret. |

```javascript
HMACSHA256(
    base64UrlEncode(header) + "." + base64UrlEncode(payload),
    API_SECRET,
);
```

### Example API JWT

`<JWT_TOKEN>`

### Node.js generate API JWT function

This sample **Node.js generate API JWT** function uses [jsrsasign](https://www.npmjs.com/package/jsrsasign), an open source cryptographic JavaScript library, to encode the token.

```javascript
const KJUR = require("jsrsasign");
// https://www.npmjs.com/package/jsrsasign

const iat = Math.round(new Date().getTime() / 1000) - 30;
const exp = iat + 60 * 60 * 2;
const oHeader = { alg: "HS256", typ: "JWT" };

const oPayload = {
    iss: process.env.ZOOM_API_KEY,
    iat: iat,
    exp: exp,
};

const sHeader = JSON.stringify(oHeader);
const sPayload = JSON.stringify(oPayload);
const API_JWT = KJUR.jws.JWS.sign(
    "HS256",
    sHeader,
    sPayload,
    process.env.ZOOM_API_SECRET,
);

console.log(API_JWT);
```

For additional JWT libraries and examples in more languages, see [JWT.io](https://jwt.io/libraries).

## Access or modify subaccount data

[Master accounts](/docs/api/ma) can use APIs to programmatically manage activities for subaccounts in their organization if both the owner of the master account and the owner of the subaccount agree. _Work with your Zoom account representative to enable this access for the master account and each subaccount._

### Prerequisites

-   Verify that the master account and the subaccount are in the same organization.
-   Verify that Zoom has enabled both of the following permissions:
    -   **Master account permission**: Login access to the subaccount.
    -   **Subaccount permission**: Login access from the master account.

### Access subaccount data

> **Note**
>
> This example uses Video SDK.

Use the [Video SDK master account APIs](/docs/api/video-sdk/ma) to access or modify subaccount data. For example, the subaccount endpoint to get a daily usage report is `/videosdk/report/daily`. If you are using the master account and you would like to get the daily usage report for this subaccount, use `/v2/accounts/{accountId}/videosdk/report/daily`.

### To access subaccount data

Follow these steps to use the master's API JWT to access the account endpoints for the subaccount and access or modify subaccount data. After authentication, these steps work just as you would use the master account API endpoints in the Zoom Meetings API.

1. Be sure that you meet the [prerequisites](#prerequisites).
2. Use the [list subaccounts endpoint](/docs/api/accounts/ma/#tag/accounts/GET/accounts) to get the account ID for the subaccount.
3. Use the master account [Video SDK API JWT](/docs/build/developer-accounts/#get-sdk-key-and-secret) to [generate an authorization token](/docs/video-sdk/auth/) to access the API.
4. Find the master API endpoint that you want to use, for example, a [Video SDK master account API](/docs/api/video-sdk/ma) or an [Account master API](/docs/api/accounts/ma) such as [get account settings](/docs/api/accounts/ma/#tag/accounts/GET/accounts/{accountId}/settings) for `in_session` objects.
5. Replace `{accountId}` with the account ID for the subaccount.

## Subscribe to webhook events

On your [account page](/docs/build/developer-accounts/), under **Add feature**, toggle **Event Subscriptions** to subscribe to events [using webhooks](/docs/api/webhooks/).

Configure webhooks to send [Cobrowse SDK events](/docs/api/cobrowse-sdk/events/) or [Video SDK events](/docs/api/video-sdk/events/) to your server as HTTP POST requests. This is useful for tracking events or building out business logic. For example, when you receive a Video SDK session ended webhook, you could send an email to thank the participants for joining.