Make API requests
Use The API Key and API Secret to authorize requests to the Account Settings APIs, Video SDK APIs, and Cobrowse SDK APIs.
APIs use JSON Web Tokens (JWT) for authorization. Each request to the API must be authorized by an API JWT as the request header bearer token. An API JWT can be used until the token expires. You can set the token expiry, but we suggest limiting the time up to one hour for increased security.
See Generate API JWT to programmatically generate your own.
Make your first API call
Note
This example uses Video SDK.
Use your API JWT to call the Video SDK APIs. For example, call List sessions (replace 12345abcde with your JWT).
curl https://api.zoom.us/v2/videosdk/sessions -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Bearer 12345abcde"
You should get a response code of 200 OK and something resembling the response body below.
{
"from": "2022-09-01",
"to": "2022-09-02",
"page_size": 30,
"next_page_token": "",
"sessions": []
}
If you haven't used Video SDK yet to create sessions, the sessions object will be blank.
Use Account Settings APIs
Use the Account Settings APIs to view and modify session and session security information about your account. See Create account for details about these settings.
See in_session and session_security objects in the following APIs for reference documentation.
For example, call Get account settings to see the data_center_regions you've enabled for sessions (replace 12345abcde with your JWT). The me keyword in this example indicates that you are getting this information for your account.
curl https://api.zoom.us/v2/accounts/me/settings -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Bearer 12345abcde"
You should get a result that includes something like the following.
...
"in_session": {
...
"data_center_regions": [
"AU",
"CA",
"DE",
"IE",
"IN",
"LA",
"MX",
"NL",
"SG",
"TY",
"US"
],
...
Note: Some options may only be available for Video SDK.
Generate API JWT
First, get your API key and secret. Then follow these guidelines to generate an API JWT for your app.
JWTs consist of three core parts: Header, Payload, and Signature. When combined, these parts are separated by a period to form a token: 1111111.2222222.3333333.
Header
The Header includes the specification of the signing algorithm and the type of token.
| Key | Value |
|---|---|
alg | HS256 |
typ | JWT |
{
"alg": "HS256",
"typ": "JWT"
}
Payload
The payload of a JWT contains the claims of the token, or the pieces of information being passed about the user and any metadata required.
| Key | Value Description |
|---|---|
iss | Your API Key. Required. |
iat | The current timestamp. Required. |
exp | JWT expiration date. Required. In epoch format. |
{
"iss": API_KEY,
"iat": 1662147046,
"exp": 1662152446
}
Signature
To create a signature for the JWT, the header and payload must be encoded with the API Secret through an HMAC SHA256 algorithm.
| Value | Value Description |
|---|---|
API_SECRET | Required, your API Secret. |
HMACSHA256(
base64UrlEncode(header) + "." + base64UrlEncode(payload),
API_SECRET,
);
Example API JWT
<JWT_TOKEN>
Node.js generate API JWT function
This sample Node.js generate API JWT function uses jsrsasign, an open source cryptographic JavaScript library, to encode the token.
const KJUR = require("jsrsasign");
// https://www.npmjs.com/package/jsrsasign
const iat = Math.round(new Date().getTime() / 1000) - 30;
const exp = iat + 60 * 60 * 2;
const oHeader = { alg: "HS256", typ: "JWT" };
const oPayload = {
iss: process.env.ZOOM_API_KEY,
iat: iat,
exp: exp,
};
const sHeader = JSON.stringify(oHeader);
const sPayload = JSON.stringify(oPayload);
const API_JWT = KJUR.jws.JWS.sign(
"HS256",
sHeader,
sPayload,
process.env.ZOOM_API_SECRET,
);
console.log(API_JWT);
For additional JWT libraries and examples in more languages, see JWT.io.
Access or modify subaccount data
Master accounts can use APIs to programmatically manage activities for subaccounts in their organization if both the owner of the master account and the owner of the subaccount agree. Work with your Zoom account representative to enable this access for the master account and each subaccount.
Prerequisites
- Verify that the master account and the subaccount are in the same organization.
- Verify that Zoom has enabled both of the following permissions:
- Master account permission: Login access to the subaccount.
- Subaccount permission: Login access from the master account.
Access subaccount data
Note
This example uses Video SDK.
Use the Video SDK master account APIs to access or modify subaccount data. For example, the subaccount endpoint to get a daily usage report is /videosdk/report/daily. If you are using the master account and you would like to get the daily usage report for this subaccount, use /v2/accounts/{accountId}/videosdk/report/daily.
To access subaccount data
Follow these steps to use the master's API JWT to access the account endpoints for the subaccount and access or modify subaccount data. After authentication, these steps work just as you would use the master account API endpoints in the Zoom Meetings API.
- Be sure that you meet the prerequisites.
- Use the list subaccounts endpoint to get the account ID for the subaccount.
- Use the master account Video SDK API JWT to generate an authorization token to access the API.
- Find the master API endpoint that you want to use, for example, a Video SDK master account API or an Account master API such as get account settings for
in_sessionobjects. - Replace
{accountId}with the account ID for the subaccount.
Subscribe to webhook events
On your account page, under Add feature, toggle Event Subscriptions to subscribe to events using webhooks.
Configure webhooks to send Cobrowse SDK events or Video SDK events to your server as HTTP POST requests. This is useful for tracking events or building out business logic. For example, when you receive a Video SDK session ended webhook, you could send an email to thank the participants for joining.