Introduction
Zoom provides a Server-to-Server OAuth (S2S OAuth) authentication method for secure API interactions between your application and Zoom services. This authentication method is recommended for server-based applications that do not require user authorization. This article will cover,
- Setting up a Server-to-Server OAuth app in Zoom Marketplace
- Generating an access token
- Implementing authentication in an ASP.NET Core Web API
- Creating Zoom meetings using the API
Prerequisites
Before you start, make sure you have,
- A Zoom Developer Account (Zoom Marketplace)
- An ASP.NET Core Web API project (minimum .NET 6)
- HttpClient for making API calls
- Postman or any API testing tool
Create a Server-to-Server OAuth App in Zoom
We'll first create an OAuth app in Zoom, enter the required details, and obtain all the necessary credentials for the next steps.
- Go to Zoom App Marketplace: Zoom Marketplace
- Click Develop > Build App.
![Build App]()
- Choose Server-to-Server OAuth.
![Server-to-Server OAuth]()
- Enter the required details (App Name, Description, Company Name, etc.).
- Generate Client ID, Client Secret, and Account ID.
- Set Scopes: Add permissions for required API access (e.g., meeting:read, meeting:write, user:read).
![Set Scopes]()
- Save the app and keep the credentials secure.
![Credentials secure]()
Configure ASP.NET Core Web API
Now we will create a Web API project and implement the zoom authentication process there.
Create an ASP.NET Core Web API project
![Create Project]()
Add Zoom Credentials to appsettings.json
{
"ZoomSettings": {
"ClientId": "your-client-id",
"ClientSecret": "your-client-secret",
"AccountId": "your-account-id",
"AuthUrl": "https://zoom.us/oauth/token",
"ApiBaseUrl": "https://api.zoom.us/v2/"
}
}
Implement Zoom Authentication Service
We need a service to obtain an OAuth access token from Zoom. Now we will create a Services folder and inside that folder add a class ZoomAuthService as given below.
public class ZoomAuthService
{
private readonly IConfiguration _configuration;
private string _accessToken;
private DateTime _tokenExpiry;
public ZoomAuthService(IConfiguration config)
{
_configuration = config;
}
public async Task<string> GetAccessTokenAsync()
{
string zoomTokenUrl = _configuration["ZoomSettings:OAuthEndpoint"];
string clientId = _configuration["ZoomSettings:ClientId"];
string clientSecret = _configuration["ZoomSettings:ClientSecret"];
string encodedCredentials = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{clientId}:{clientSecret}"));
using (HttpClient client = new HttpClient())
{
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", encodedCredentials);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var requestData = new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>("grant_type", "account_credentials"),
new KeyValuePair<string, string>("account_id", _configuration["ZoomSettings:AccountId"])
};
var requestContent = new FormUrlEncodedContent(requestData);
var response = await client.PostAsync(zoomTokenUrl, requestContent);
var responseString = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
{
var tokenResponse = JsonConvert.DeserializeObject<ZoomTokenResponse>(responseString);
return tokenResponse.access_token;
}
return null;
}
}
}
public class ZoomTokenResponse
{
public string access_token { get; set; }
public int expires_in { get; set; }
}
Implement API for Zoom Meeting Management
We will create a meeting service that interacts with Zoom’s API as given in the below code.
public class ZoomMeetingService
{
private readonly ZoomAuthService _zoomAuthService;
private readonly IConfiguration _config;
public ZoomMeetingService(ZoomAuthService zoomAuthService, IConfiguration config)
{
_zoomAuthService = zoomAuthService;
_config = config;
}
public async Task<ZoomMeetingResponse> CreateMeetingAsync(string topic, int duration)
{
string accessToken = await _zoomAuthService.GetAccessTokenAsync();
string zoomApiUrl = $"{_config["ZoomSettings:APIBaseUrl"]}users/me/meetings";
var body = new
{
topic = topic,
type = 2, // Scheduled Meeting
duration = duration,
timezone = "UTC",
settings = new { host_video = true, participant_video = true }
};
using (HttpClient client = new HttpClient())
{
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var jsonContent = new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json");
var response = await client.PostAsync(zoomApiUrl, jsonContent);
var responseString = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
{
return JsonConvert.DeserializeObject<ZoomMeetingResponse>(responseString);
}
}
return null;
}
}
public class ZoomMeetingResponse
{
[JsonProperty("id")]
public long MeetingId { get; set; }
[JsonProperty("join_url")]
public string? JoinUrl { get; set; }
[JsonProperty("start_url")]
public string? StartUrl { get; set; }
}
Create API Controller
[Route("api/[controller]")]
[ApiController]
public class ZoomController : ControllerBase
{
private readonly ZoomMeetingService _zoomMeetingService;
public ZoomController(ZoomMeetingService zoomMeetingService)
{
_zoomMeetingService = zoomMeetingService;
}
[HttpPost("create-meeting")]
public async Task<IActionResult> CreateMeeting([FromBody] CreateMeetingRequest request)
{
var result = await _zoomMeetingService.CreateMeetingAsync(request.Topic, request.Duration);
return Ok(result);
}
}
public class CreateMeetingRequest
{
public string Topic { get; set; }
public int Duration { get; set; }
}
Test API Using Swagger
Now we can test the endpoint as given in the below image.
![Test API]()
Conclusion
In this article, we implemented Server-to-Server OAuth authentication in Zoom using an ASP.NET Core Web API. We covered.
- Creating a Server-to-Server OAuth App in Zoom Marketplace
- Generating and managing an OAuth token
- Creating meetings using Zoom’s API
This setup can be extended to support webinars, users, recordings, and more.
Thank You, and Stay Tuned for More!
More Articles from my Account