DEV Community

Elisa Levet for Zoom

Posted on

Why use Server To Server OAuth?

The JWT app type will be deprecated in June 2023 and we recommend and highly encourage that you start migrating from the JWT app to the newly introduced Server-to-Server OAuth App.

**But, you might be wondering why we are deprecating the JWT app?**

The main reason we are introducing server-to-server OAuth over JWT is to provide more granular scoping options for internal apps that retrieve data from our endpoints.

Internal JWT apps, created by account admins, have wide scope access and rely on token generation from account-level credentials. Server-to-server OAuth allows individual users to create apps with scoped access to APIs which reflect the access they already have.

Learn more about the Frequent Asked Question here:

That being said, here is a quick and simple guide on how to use or new app with Postman:

This new app type facilitates OAuth-authenticated requests between servers without end-user involvement. This grant type enables your private server application to get your account owner access token without user interaction.

To start using this App, the Administrator for your Zoom account or the Owner of the account must enable the view and edit permissions for Server-to-Server OAuth app by going to User Management > Roles > Role Settings > Advanced features.

Role settings needed

Once those permissions are enabled, you will be able to see the app in your Marketplace Dashboard.

Once the app is created and you have added the scopes and features (event subscriptions) that you want to include, you can go ahead and activate your app in your account.

Feel free to follow along on the Steps on How to Create a Server-to-Server OAuth app here:

Now, it is time to get started and use Postman with our newly created app.

Step 1

Create a new Post request to

Step 2

Add the following Query Params

(Grab your account_id from the App credentials Tab in your newly created app)

So your Post request should look something like this:

Post request

Step 3

Go to the Authorization Tab and select Basic Auth as the authorization type and user your Client ID as a Username and your Client SECRET as your password:
(Grab those credentials from your newly created app as well)


Once that is all done, you should be able to send the POST request and you will get a response that will look something like this:

Bearer token to make API calls with

You should be able to use the access_token as a bearer token to make API calls to those endpoints that can be accessed with the scope/s set up in the Server-to-Server application.

Hope this helps to understand this new app type better and let me know if you have any questions or suggestions!

Happy coding!
Elisa :)

Top comments (1)

linkjavier profile image
Javier Charria Gómez

Hello how are you? I hope that very good
My question is how to generate a JWT Token with the information of an OAuth Server to Server App. I need it to call ZoomMtg,join().
And how would the parameters that should go in join be?